The most frequent cryptocurrency question I answer relates to the cryptocurrency Verge and why it fails to offer realistic privacy. Verge is a project which claims to be secure, anonymous, and private.
When we’re talking about privacy, the canonical group to focus on is the people targeted by law enforcement and governments. They are journalists, dissidents, political activists, and criminals (a label that is sometimes subjective to a government). Their safety and freedom depend on their anonymity as they make and receive payments from associates, employers, and merchants. In this scenario, receiving a regular set of payments from Wikileaks could get you killed in Russia.
First, let’s cover what Verge claims to offer:
- IP addresses are hidden with Tor, making it difficult to connect real-world identities to transactions. Even though the blockchain is transparent, nobody can tell who is transacting with whom.
- (Not yet implemented) Wraith protocol. This is stealth addresses. It allows a sender to construct a one-time unique address for the recipient that the funds can be sent to and which can be retrieved by the recipient without needing to interact with the sender. It provides privacy to the recipient of funds. At the time the funds are sent, nobody knows who the recipient is.
Now let’s cover what law enforcement and government use to track extremely high-value targets, like Ross Ulbricht:
- Blockchain analysis, where transactions associated with their targets (e.g. a deposit address for the Silk Road marketplace) are traced through the blockchain. Fiat/cryptocurrency gateways are required to follow strict anti-money laundering (AML) and know-your-customer (KYC) laws, which require users to give up their identity to connect bank accounts and cash in/out. If transactions can be traced to one of these gateways, the gateway can be subpoenaed and made to reveal the identity associated with a given address/account. This analysis is extremely broad and powerful.
- More blockchain analysis. Anything you touch with your transactions is still under the purview of this technique: business partners, merchants, etc. If you buy coffee at Starbucks with a cryptocurrency, cameras can link you to the location and time of the transaction. Now your bank account is known, how you spend your money, where you get your money from, etc. Your financial life is on the blockchain and any part of it, properly de-anonymized, reveals the entire network of your financial history.
Verge does not have meaningful privacy and never did
Verge does not defend against any known methods of deanonymization
Today it is not a secret how government and law enforcement operate. There is a long history of arrests from using Bitcoin (see: https://shouldhaveusedmonero.xyz/). All existing forms of compromise have come from ways of connecting real-world identities to transactions by tracing the transactions through the blockchain. Not a single case has ever involved someone revealing their IP address when sending a transaction.
This fact should be alarming. We know how arrests happen today and Verge’s main privacy feature does not address this and never did. This is a huge disconnect between Verge’s claims and privacy in the real world. Any government target could have been using Verge and it would not have made a difference.
Running Bitcoin over Tor (or Verge) is unsafe
Running Bitcoin over Tor (that’s pretty much what Verge is) has been studied from a privacy perspective, underscoring my point that this combination was hardly a new idea with Verge. It turns out not to be entirely safe: https://arxiv.org/abs/1410.6079. The attack outlined in the paper is setting up malicious Tor nodes, and then spamming the Bitcoin network with malformed transactions through Tor. The honest nodes will get blocked from the network as an anti-spam feature and only the malicious nodes remain. This attack is easy to execute and it makes running Bitcoin over Tor more risky than just over the clearnet.
Verge’s Wraith Protocol alone is weak privacy even if it does get implemented
The Wraith Protocol is actually a well-known feature called stealth addresses. It has been known for several years, since at least 2015: https://github.com/genjix/bips/blob/master/bip-stealth.mediawiki. It was even a candidate for Bitcoin at one point. (It was not integrated due to performance issues.)
Stealth addresses allow the sender to generate a unique address for the recipient, which the recipient can detect and control without any cooperation between the two parties. One way to think of this is if the recipient generated a unique Electrum address for each transaction. Same concept. This provides privacy only for the recipient. When a stealth payment is made, blockchain analysis cannot tell who the recipient is at the time of the transaction.
Stealth payments alone are weak privacy. This is because people need to combine inputs for most of their payments, especially if they have one address per transaction for maximum privacy. However, if Wikileaks were to accept stealth payments, and send all of those stealth payments to an exchange (which follows AML/KYC laws), then all of those stealth payments lose their anonymity. Now it’s clear you just donated to Wikileaks. This is why privacy is hard. There is no silver bullet.
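Why consolidation undoes stealth payments, as an added example that is not part of the original article: the common-input-ownership heuristic run over a constructed five-transaction ledger. All addresses and transaction names are hypothetical sample data, and the function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample ledger: tx id -> (input addresses, output addresses)
LEDGER = {
    "tx1": (["alice_wallet"], ["onetime_A"]),
    "tx2": (["bob_wallet"], ["onetime_B"]),
    "tx3": (["carol_wallet"], ["onetime_C"]),
    "tx4": (["dave_wallet"], ["unrelated_shop"]),
    # The recipient later combines the received outputs into one
    # deposit at an exchange that follows AML/KYC rules.
    "tx5": (["onetime_A", "onetime_B", "onetime_C"], ["exchange_deposit_1"]),
}

def cluster_inputs(ledger):
    """Union-find: addresses spent together as inputs share one owner."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a

    for inputs, outputs in ledger.values():
        for addr in inputs + outputs:
            find(addr)  # register every address as its own cluster
        for addr in inputs[1:]:
            parent[find(addr)] = find(inputs[0])
    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def payers_to_owner_of(ledger, deposit_addr):
    """Who paid the entity that funded deposit_addr (identified via KYC)?"""
    funding = {a for ins, outs in ledger.values() if deposit_addr in outs for a in ins}
    owned = set()
    for cluster in cluster_inputs(ledger):
        if cluster & funding:
            owned |= cluster
    return sorted({a for ins, outs in ledger.values()
                   if set(outs) & owned for a in ins if a not in owned})

if __name__ == "__main__":
    print(payers_to_owner_of(LEDGER, "exchange_deposit_1"))
```

Before `tx5` the three one-time addresses are unlinkable; after it, one subpoena on the exchange account ties all three donors to the same recipient.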
Verge’s optional privacy is unsafe
In practice, when users are given the option to use privacy, they stick with the transparent default and only use private features when they need them. The result is that the people using the privacy features form a much smaller pool, so when you do use the private feature, you both stick out and have a smaller pool of people to hide in. It is analogous to wearing a ski mask outside on a warm day. Nobody knows who you are, but you stick out and wearing the mask draws attention to you.
Default privacy is considered a necessity by privacy experts. This way, the pool of people you blend in with is much bigger, like a herd of zebras running together. It is hard to see individual zebras because they all give each other cover. And with default privacy the people who do need it do not draw attention to themselves because their behavior does not change. Everyone blends in with each other and is indistinguishable. Everyone wears the Guy Fawkes mask.
Bonus section: Verge’s privacy solution is not even original
You don’t need Verge to run your cryptocurrency over Tor
Tor is just an anonymous proxy network. What this means is that it takes internet packets and just re-routes them through different servers, so that no single server knows both the content you are transmitting and your IP address at the same time. It is possible to connect your full-node to a Tor entry-node and broadcast your transactions through the Tor network. If you wanted, you could also have your full-node operate as a hidden service so that incoming transactions have no way of knowing your IP address as well.
What Verge provides is just a convenience. It is not a new feature that hasn’t been thoroughly explored already. It’s just taking something everybody already knew about, and packaging it in a way that sounds flashy to a non-technical audience who has never heard of Tor before.
Many other projects implemented stealth addresses (Wraith protocol) years ago
Monero has had stealth addresses since its inception in 2014. Shadowcash also had this feature. Spectrecoin has this feature. Even Vertcoin, a cryptocurrency which doesn’t even claim to be a private one, has had it since 2014. There are likely many other projects with this feature, and they don’t take years to implement it or hype it up as the last private feature the world will ever need. The Wraith Protocol has been an oversold feature that is actually an existing feature of many of the same projects that Verge claims to outcompete.
Verge makes false claims and puts others at risk
This is why Verge is so universally hated. It’s not because anybody is afraid. It’s not because anybody is trying to hurt the price. It’s because Verge could get someone hurt with their false claims.
There are parts of the world where people depend on privacy for their safety. Journalists, dissidents, political activists, criminals, citizens under oppressive regimes. For them, their privacy means their safety and freedom. If any of these people believe the claims of Verge and use this project for their transactions, they could get hurt or killed. Exercising caution in the name of safety cuts into Verge’s marketing and by extension profitability, and they seem to prefer profits over the safety of people in other parts of the world. Experts are deeply worried about these efforts of Verge to shill their insecure technology to cryptocurrency investors because it contributes misinformation into the space that could get someone killed (see: comments section of this article dismissing this analysis, claiming I have hidden motives, attacking my character, presenting false counterarguments all because it threatens Verge).
Some of Verge’s better-known false claims are:
- IP address hiding over Tor + stealth addresses (Wraith) makes Verge more private than any other project that exists. I can find exactly one research article on Bitcoin + Tor, and it suggests the combination is highly problematic. In contrast, the zerocoin protocol (see: ZCoin, PIVX) has 200+ citations. The zerocash protocol (see: ZCash, ZClassic, Zencash) has 100+ citations. Ring signatures used in Monero probably have even more citations than both zerocoin and zerocash protocols combined, being much older. Ring confidential transactions, used in Monero, are also an active area of research. (See: https://eprint.iacr.org/2017/1066.pdf). These research articles study the security and efficiency of these systems. With each article we learn new things and have more eyes helping secure these technologies. Verge has none of this, and there is nothing to suggest that will change.
- Monero’s private blockchain where nobody can see any information that would be useful for blockchain analysis is problematic because a transparent blockchain where everybody can see everybody else’s balances is necessary for mass adoption. This is patently false. (See: https://www.reddit.com/r/vergecurrency/comments/75pi0y/great_infographic_on_verge/)
- Knowing the IP address of full-nodes is a security risk for those full-node operators, and not obscuring IP addresses is a security problem. Verge has on more than one occasion claimed false exploits that do not exist on other privacy projects. (See: https://themerkle.com/moneros-ip-address-leak-isnt-an-exploit-and-doesnt-affect-anonymity/)
- That Verge is a private and anonymous cryptocurrency. It does not prevent any known attacks at linking transactions to identities. (See: https://arxiv.org/abs/1410.6079 and https://www.coindesk.com/bitcoin-tor-anonymity-can-busted-2500-month/)
Verge is not private. It never was. This is not subjective. It fails to provide privacy in any meaningful way that would protect you from the people trying to violate it who could compromise your freedom or safety. It is no better than Bitcoin, which is considered dangerous to use for these purposes. This is enough to call Verge vaporware.
Verge makes strong claims about their privacy that are not true. They make false claims about the privacy provided by legitimate projects for their own benefit. They make these false claims despite knowing that it could get someone hurt. It is clear that the team is marketing on false information for self-serving purposes. These are not honest intentions. They do not care about the safety and freedom of people who need privacy. They are claiming to fight for a cause they clearly don’t care about, and putting others at risk for financial gain. If they are somehow not a scam, which seems probable, then they are indistinguishable from one.