Posted in: Archive
July 3, 2016 2:28 PM UTC

Bitcoin BIP 75 Proposal Raises Debate: Security/Privacy vs Easy-To-Use Wallets

The BIP 75 proposal to improve bitcoin’s ease of use has drawn a lot of criticism among bitcoiners on account of the option for a receiver to identify himself to the sender, according to an article by Bitcoin Magazine’s Kyle Torpey disseminated by Nasdaq.  Bitcoin…

The BIP 75 proposal to improve bitcoin’s ease of use has drawn a lot of criticism among bitcoiners on account of the option for a receiver to identify himself to the sender, according to an article by Bitcoin Magazine’s Kyle Torpey disseminated by Nasdaq.

Bitcoin Core contributor Peter Todd ignited the recent debate with a post to the bitcoin development mailing list recommending boycotting BIP 75 on account of anti-money laundering/know your customer (AML/KYC) concerns. Todd urged removing BIP 75 from the BIP repository and boycotting wallets that use it.

“It’s bad strategy for bitcoin developers to willingly participate in AML/KYC, just the same way as it’s bad for Tor to add wiretapping functionality, and W3C to support DRM tech,” Todd wrote on Reddit.

Others argued BIP 75 provides a way to encrypt the payment protocol and make it bi-directional. This is enabled through some of the new payment protocol message types such as InvoiceRequest, ProtocolMessage and EncryptedProtocolMessage.

BIP 75 Addresses BIP 70 Concerns

BIP 75 addresses some of the privacy and security concerns with the payment protocol that former Bitcoin Core lead maintainer, Gavin Andresen and former Bitcoin developer Mike Hearn outlined in BIP 70.

BIP 75, unlike BIP 70, has end-to-end encryption. The co-authors of BIP 75 are Matt David and Justin Newton of Netki and James MacWhyte and Aaron Voisine of Breadwallet.

Todd and others believe that BIP 75 could make it easier to trace bitcoin payments to real-world identities or simply streamline AML and KYC compliance for bitcoin. Another issue is whether this BIP should be in the main BIPs section of the Bitcoin Core GitHub repository.

The Reddit thread drew calls for a boycott of Breadwallet.

Justifiable Censorship?

Pieter Wuille, a Bitcoin Core contributor, said removing the BIP would amount to censorship.

But Todd pointed out that a proper BIP for a colored coins standard was denied access to the GitHub repository.

Todd said, BIP 75 “institutionalizes” (regulatory compliance) in a convenient way that everyone can easily use and expect. He said the bitcoin community should comply with AML KYC regulations only grudgingly. He compared it to creating a standard for Tor logs.

BIP 75 Can Infringe On Privacy

BIP 75 does, in fact, make it easier for companies to collect data on customers.

There has always been a threat of government forcing retailers to collect identifying information about customers, but BIP 75 has the potential to streamline this process.

In an interview with Bitcoin Magazine, Todd said he is more concerned about bitcoin senders identifying themselves than recipients.

On the other side of the debate, BIIP 75 is an opt-in protocol. To which Todd countered that blacklists can also be implemented in an opt-in manner, which doesn’t merit supporting their use.

How Invasive Is BP 75?

Justin Newton, Neiki CEO, one of BIP 75’s authors, told Bitcoin Magazine personality-identifying information sent with a payment protocol can only be seen by the transaction’s receiver and sender. Newton said another layer of encryption protects against the data being “man in the middle.”

A BIP 75 user does not have to trust their own device to keep payment information private when using a hardware wallet, Newton said.

Newton agreed with Todd that there is a slippery slope toward AML and KYC compliance. Newton, however, said compliance will be required if bitcoin is to reach the mass market and it should be done in a way that protects privacy, fungibility and bitcoin’s permissionless, open nature. Without such values, there will be hidden systems that do the same thing without taking into account the community’s concerns.

Breadwallet, according to a Reddit comment, is not interested in BIP 75 for reasons of regulatory compliance, but for its user friendliness. BIP 75 allows features found in more mainstream applications like human-readable address books and transaction logs.

Users can track transaction history on their own, but BIP 75 simplifies the process.

Also read: Bitcoin startup Subspace develops BIP70 payment requests protocol

Privacy/Security Versus Ease Of Use

Torpey, after summarizing the positions, offered some analysis of the debate.

The debate boils down to one of privacy and security versus easy-to-use wallets. Is abandoning some early principles worth mass market adoption?

In the case of BIP 75, there is not a major trade off. All personal information is encrypted end-to-end. Users do not give up more information that would not already be known by a transaction recipient. Keeping in mind this is a layer 2, opt-in protocol.

At the same time, the community must remain vigilant against efforts to apply traditional financial regulations to the blockchain. Bitcoin’s core value is the ability to transfer value across the Internet in a manner that is censorship resistant.

Those needing bitcoin for payments are those who would otherwise be locked out of traditional systems like credit cards and PayPal.

BIP 75 is not a major move in the wrong direction. But bitcoiners should refrain from attaching identifying information to transactions as much as possible.

The real problem in need of attention is for enhanced privacy features.

Why Breadwallet Supports BIP 75

James MacWhyte, Breakwallet director of product management, said BIP 75 puts users in full control of how much information they share and who they share it with. He said it is a huge improvement in privacy and a building block to making bitcoin more accessible.

Maintaining security and privacy requires avoiding address reuse, he said, but manually sending a new address each time one receives money is cumbersome. BIP 75 will allow Breadwallet to automatically give out payment addresses only to those the user trusts.

Breadwallet will never require personal information of its users, he said.

Featured image from Shutterstock.

Now Watch: CCN TV

Last modified: January 25, 2020 11:51 PM UTC

Lester Coleman

Lester Coleman is a media relations consultant for the payments and automated retailing industries.

More of: peter todd
Show comments