BitcoinDesign · pavlenex · May 28, 2021 · May 24, 2021 · May 25, 2021 · May 25, 2021
diff --git a/_compress_images_cache.yml b/_compress_images_cache.yml
@@ -944,3 +944,12 @@ assets/images/guide/getting-started/visual-language/[email protected]
 assets/images/guide/getting-started/visual-language/bitcoin-visual-language.jpg: bitcoin-visual-language.jpg
 assets/images/guide/getting-started/visual-language/[email protected]: [email protected]
 assets/images/guide/getting-started/visual-language/bitcoin-visual-language-mobile.jpg: bitcoin-visual-language-mobile.jpg
+assets/images/guide/payments/privacy/header.jpg: header.jpg
+assets/images/guide/payments/privacy/address-labeling.jpg: address-labeling.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/privacy-header-mobile.jpg: privacy-header-mobile.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/coin-join.jpg: coin-join.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/privacy-preview.jpg: privacy-preview.jpg
diff --git a/assets/images/guide/payments/privacy/address-labeling.jpg b/assets/images/guide/payments/privacy/address-labeling.jpg
diff --git a/assets/images/guide/payments/privacy/[email protected] b/assets/images/guide/payments/privacy/[email protected]
diff --git a/assets/images/guide/payments/privacy/coin-join.jpg b/assets/images/guide/payments/privacy/coin-join.jpg
diff --git a/assets/images/guide/payments/privacy/[email protected] b/assets/images/guide/payments/privacy/[email protected]
diff --git a/assets/images/guide/payments/privacy/header.jpg b/assets/images/guide/payments/privacy/header.jpg
diff --git a/assets/images/guide/payments/privacy/[email protected] b/assets/images/guide/payments/privacy/[email protected]
diff --git a/assets/images/guide/payments/privacy/privacy-header-mobile.jpg b/assets/images/guide/payments/privacy/privacy-header-mobile.jpg
diff --git a/assets/images/guide/payments/privacy/[email protected] b/assets/images/guide/payments/privacy/[email protected]
diff --git a/assets/images/guide/payments/privacy/privacy-preview.jpg b/assets/images/guide/payments/privacy/privacy-preview.jpg
diff --git a/guide/payments/introduction.md b/guide/payments/introduction.md
@@ -46,9 +46,9 @@ An introduction to how receiving and requesting bitcoin works.
 
 ---
 
-### Transaction privacy (coming soon)
+### [Transaction privacy]({{ '/guide/payments/privacy/' | relative_url }})
 
-An overview of how to help users maintain their financial privacy while using Bitcoin.
+An overview of how to help users maintain transaction privacy with Bitcoin.
 
 ---
 

diff --git a/guide/payments/privacy.md b/guide/payments/privacy.md
@@ -0,0 +1,147 @@
+---
+layout: guide
+title: Transaction privacy
+description: An overview of how to help users maintain their financial privacy while using Bitcoin.
+nav_order: 4
+parent: Payments
+permalink: /guide/payments/privacy/
+main_classes: -no-top-padding
+image: /assets/images/guide/payments/privacy/privacy-preview.jpg
+---
+
+{% include picture.html
+    image = "/assets/images/guide/payments/privacy/header.jpg"
+    retina = "/assets/images/guide/payments/privacy/[email protected]"
+    mobile = "/assets/images/guide/payments/privacy/privacy-header-mobile.jpg"
+    mobileRetina = "/assets/images/guide/payments/privacy/[email protected]"
+    alt-text = "Illustration of an eye, with a cross on top of an ink blot background"
+    width = 1600
+    height = 600
+    layout = "full-width"
+%}
+
+
+# Transaction privacy
+
+<!--
+This page should inform about what information is made public when sending or receiving, how the application can help minimize unnecessary privacy leaks, basic application functionality to help, and when we can, more advanced options.
+
+- Single-use addresses (avoiding address reuse)
+- Coin selection / labelling
+- Coin join / Pay join
+
+@TODO: address reuse / there should be something in here about also mindfully not giving the same unused address to different persons
+@TODO: address reuse / write glossary term about Gap limit  
+-->
+
+It’s a common misconception that Bitcoin payments are anonymous. Instead, they can be referred to as pseudonymous, this means that who owns a freshly generated addresses is not public knowledge. Unless your ownership is revealed, whether directly by yourself or indirectly by some third-party you are able to remain anonymous.
+
+Transactions, their signatures, and addresses added to the Bitcoin blockchain remain public forever. This means that looking up any address or transaction is trivial, as demonstrated by going back to the very first block mined on [January 3, 2009](https://blockstream.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b).
+
+While all transactions are public, there is no personal identification about the address owners stored on the blockchain itself.
+
+> Each Bitcoin transaction contains at least one input and at least one output. This means that once a single address is known, there is a trail to follow the bitcoin.
+>
+> <cite>As documented by <a href="https://docs.wasabiwallet.io/FAQ/FAQ-GeneralBitcoinPrivacy.html#how-is-bitcoin-bad-in-terms-of-privacy">Wasabi Wallet</a></cite>
+
+The key to keeping your transactions private is to prevent others from determining which addresses you own[^2]. Since Satoshi let others know that they had mined the first block, which contained a single transaction, one can deduce that both the address that received the block reward and the sender address in the transaction belongs to Satoshi. This illustrates the permanence of associations between addresses and identity. While it's possible to break assumptions of ownership going forward, the challenge is to recover privacy once an association is made public. That being said, in this case the pseudonym “Satoshi Nakamoto” has yet to be associated with any personal identity.
+
+<!-- TODO: add graphic and heading that demonstrate points of compromise when transacting with bitcoin -->
+
+## Methods to preserve privacy
+
+There are many ways your identity might get connected to your addresses[^1],so keeping Bitcoin payments private takes diligent work but is not impossible. Let’s explore some practices that help preserve privacy of your users' Bitcoin payments.
+
+<!-- talk about the problem as you are talking about the solution -->
+
+### Generate a new address for each payment
+
+A new address should be generated by the wallet application any time the user wants to receive bitcoin. This is achieved by using [HD Wallets]({{ "/guide/glossary/#hd-wallet" | relative_url }}), a standard in modern Bitcoin applications that can generate and manage an infinite number of addresses without revealing their common root. This allows each incoming transaction to use a new address that is unconnected to any other in the wallet, making it difficult to associate with the owner.
+
+Address re-use degrades the privacy of both the [sending](/guide/payments/send/) and [receiving](/guide/payments/receive) parties. Re-using an address on the receivers side means that anyone with whom that address is shared can see previous payments and the amount of bitcoin controlled by that address.
+
+> If bad actors can see your income, holdings, and spending, they can use this information to [target and exploit you](https://docs.wasabiwallet.io/why-wasabi/TransactionSurveillanceCompanies.html#attempt-to-invade-privacy)
+
+By _sending_ to an address that is being reused, the sender is now traceable and connected to any previous transactions the receiver has made with that address. This increases the risk of exposure to an adversary.
+
+<!--
+TODO: Link / mention gap limit
+TODO: Graphic / consider how to get the ui generating multiple addresses. make it easy for the user to not fail
+
+> ###### Worked Example 1 - Savings Revealed
+> * You save in bitcoin, using a single-address paper wallet.
+> * All your bitcoin savings to this same address, let's say it contains $1 million worth.
+> * You buy a small amount of bitcoins to add to your savings, depositing in the paper wallet.
+> * The person who sold you the bitcoins follows their trail on the blockchain and finds your paper wallet containing $1 million.
+> * He mentions it to someone in a cafe or bar.
+> * Word gets around. A burglar raids your home. Kidnappers capture your children and know exactly how much to demand in ransom.
+
+-->
+
+
+{% include fact/dos.html %}
+- Generate a new address any time the user wants to receive bitcoin
+- Make it easy to generate as many addresses as the receiver needs
+- Warn the user if an address has already been used before broadcasting a transaction
+{% include fact/close.html %}
+
+{% include fact/donts.html %}
+- Make it easy to reuse an address.
+{% include fact/close.html %}
+
+### Keep track of who knows about an address
+
+<div class="center" markdown="1">
+
+{% include image.html
+   image = "/assets/images/guide/payments/privacy/address-labeling.jpg"
+   retina = "/assets/images/guide/payments/privacy/[email protected]"
+   alt-text = "A list of addresses with tags. Two are red, two are purple and one is blue"
+   width = 400
+   height = 400
+   layout = "float-right-desktop"
+   caption = "Labeling of receiving addresses can help minimize privacy leaks when spending the coins in the future."
+%}
+
+If the application supports it, the user can [add additional details]({{ "/guide/payments/receive/#inputting-additional-payment-details" | relative_url }}) to a payment when receiving bitcoin. This practice is often called address labeling. Not only does this help to remember what payments were for, it also enables preventative measures for preserving privacy. Labeling receiving addresses([UTXOs]({{ "/guide/glossary/#unspent-transaction-output-utxo" | relative_url }})) with the sender's name can inform decisions for which UTXOs are selected as inputs in future transactions, this is often referred to as [coin control]({{ "/guide/glossary/#coin-control" | relative_url }}).
+
+Some applications make it possible to filter UTXOs by label to make such selections easier.
+
+
+</div>
+
+### Increase anonymity by collaborating with others
+
+<div class="center" markdown="1">
+
+{% include image.html
+   image = "/assets/images/guide/payments/privacy/coin-join.jpg"
+   retina = "/assets/images/guide/payments/privacy/[email protected]"
+   alt-text = "Example CoinJoin transaction with 3 participants with 1 input each, which get broken up into 5 equal outputs."
+   width = 400
+   height = 400
+   layout = "float-right-desktop"
+   caption = "CoinJoin transactions attempt to make payments more private by mixing inputs from many senders and outputs to many receivers."
+%}
+
+[CoinJoins]({{ "/guide/glossary/#coinjoin" | relative_url }}) is an advanced technique where multiple participants collaborate on a transaction to break the "common input ownership" heuristic[^3], which assumes that all inputs in a transaction likely belong to the same owner. In a CoinJoin transaction all the outputs tend to be of the same amount. This makes it harder to define which input paid which output, somewhat breaking the absolute traceability of bitcoin transactions. As with any other anonymity network, a large and diverse group of participants will be more effective in disassociating the connections. CoinJoin transactions are not yet widely supported by Bitcoin applications.
+
+Users still have to be mindful of how the UTXOs they received from the CoinJoin are spent. For instance, spending them together in a single transaction would unravel the anonymity gains from participating in the CoinJoin.
+
+</div>
+
+### Design with privacy in mind
+
+Thinking about privacy is critical during the design process. Your users will not have the same level of knowledge of how to use Bitcoin privately.
+
+It is especially important to help them understand any actions that might impact their privacy. Most of the risks occur at the point of creating a transaction or requesting a payment, and we should try to design solutions that reduce the risk of unknowingly degrading privacy.
+
+While there is no perfect solution that will guarantee 100% privacy, try to minimize how much information gets shared to the most essential. Consider ways to inform and prevent user actions that negatively impact their privacy as they use your product.
+
+<!--
+There is no perfect solution to guarantee 100% privacy that lasts forever because things can be revealed over time. Since transactions are forever public, even if all precautions are taken at the time of payment to ensure the highest degree of anonymity, future behaviors of the wallet owner or transacting parties can still degrade previously attained privacy. A high amount of diligence is necessary whenever users are transacting with Bitcoin. The product should be able to guide, inform, and prevent them against privacy degrading actions.
+-->
+
+[^1]: [Bitcoin.org - Protecting your privacy](https://bitcoin.org/en/protect-your-privacy)
+[^2]: [Top Seven Ways Your Identity Can Be Linked to Your Bitcoin Address](https://99bitcoins.com/know-more-top-seven-ways-your-identity-can-be-linked-to-your-bitcoin-address/)
+[^3]: [Bitcoin Wiki / Privacy](https://en.bitcoin.it/wiki/Privacy#Common-input-ownership_heuristic)
diff --git a/guide/payments/receive.md b/guide/payments/receive.md
@@ -217,6 +217,10 @@ If your application has a list of their payment requests or transaction history,
 
 Once the payment has been finalized, consider what the receiver may want to do with those funds. You may want to help facilitate those follow-up activities, for example moving the funds to a shared multi-key wallet or doing a [coinjoin]({{ '/guide/glossary/#coinjoin' | relative_url }}).
 
+---
+
+Let's go, time go dive in a bit deeper with [Transaction privacy]({{ "/guide/payments/privacy" | relative_url }}).
+
 <!--
 On /guide/payments/send/#inputting-an-address
 Add below as Do's & Don'ts