Create transaction privacy page #175

_compress_images_cache.yml

@@ -944,3 +944,12 @@ assets/images/guide/getting-started/visual-language/[email protected]
 assets/images/guide/getting-started/visual-language/bitcoin-visual-language.jpg: bitcoin-visual-language.jpg
 assets/images/guide/getting-started/visual-language/[email protected]: [email protected]
 assets/images/guide/getting-started/visual-language/bitcoin-visual-language-mobile.jpg: bitcoin-visual-language-mobile.jpg
+assets/images/guide/payments/privacy/header.jpg: header.jpg
+assets/images/guide/payments/privacy/address-labeling.jpg: address-labeling.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/privacy-header-mobile.jpg: privacy-header-mobile.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/coin-join.jpg: coin-join.jpg
+assets/images/guide/payments/privacy/[email protected]: [email protected]
+assets/images/guide/payments/privacy/privacy-preview.jpg: privacy-preview.jpg

guide/payments/introduction.md

@@ -46,7 +46,7 @@ An introduction to how receiving and requesting bitcoin works.
 
 ---
 
-### Transaction privacy (coming soon)
+### [Transaction privacy]({{ '/guide/payments/privacy/' | relative_url }})
 
 An overview of how to help users maintain their financial privacy while using Bitcoin.
 

guide/payments/privacy.md

@@ -0,0 +1,143 @@
+---
+layout: guide
+title: Transaction privacy
+description: An overview of how to help users maintain their financial privacy while using Bitcoin.
+nav_order: 4
+parent: Payments
+permalink: /guide/payments/privacy/
+main_classes: -no-top-padding
+image: /assets/images/guide/payments/privacy/privacy-preview.jpg
+---
+
+{% include picture.html
+    image = "/assets/images/guide/payments/privacy/header.jpg"
+    retina = "/assets/images/guide/payments/privacy/[email protected]"
+    mobile = "/assets/images/guide/payments/privacy/privacy-header-mobile.jpg"
+    mobileRetina = "/assets/images/guide/payments/privacy/[email protected]"
+    alt-text = "Illustration of an eye, with a cross on top of an ink blot background"
+    width = 1600
+    height = 600
+    layout = "full-width"
+%}
+
+
+# Transaction privacy
+
+<!--
+This page should inform about what information is made public when sending or receiving, how the application can help minimize unnecessary privacy leaks, basic application functionality to help, and when we can, more advanced options.
+
+- Single-use addresses (avoiding address reuse)
+- Coin selection / labelling
+- Coin join / Pay join
+
+@TODO: address reuse / there should be something in here about also mindfully not giving the same unused address to different persons
+@TODO: address reuse / write glossary term about Gap limit  
+-->
+
+It’s a common misconception that Bitcoin is anonymous. Instead, it should be referred to as pseudonymous, which means that each address you generate is like a new identity. Unless your ownership is revealed, whether directly by yourself or indirectly by some third-party you are able to remain anonymous.
+
+Transactions, their signatures, and addresses after they are mined remain public on the ledger forever. However, there is no personally identifiable information attached to transactions on the blockchain. The transparent property of the blockchain allows anyone to easily verify the amount of bitcoin in existence, which means it also makes looking up any address or transaction trivial. This can be demonstrated going back to the first block on [January 3, 2009](https://blockstream.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b).
+
+> Each Bitcoin transaction contains at least one input and at least one output. This means that once a single address is known, there is a trail to follow the bitcoin.
+> 
+> <cite>As documented by <a href="https://docs.wasabiwallet.io/FAQ/FAQ-GeneralBitcoinPrivacy.html#how-is-bitcoin-bad-in-terms-of-privacy">Wasabi Wallet</a></cite>
+
+The key to keeping your transactions private is to prevent others from determining which addresses you own[^3]. Satoshi let others know they mined the first block, which contained just one transaction, with the block reward getting sent to their address. This illustrates the possible permanence of association between an address and an identity. That being said, the pseudonym “Satoshi Nakamoto” also contributes to further anonymity. While it's possible to break assumptions of ownership going forward, the challenge is to recover privacy once an association is made public.
+
+<!-- TODO: add graphic and heading that demonstrate points of compromise when transacting with bitcoin -->
+
+## Methods to preserve privacy
+
+Keeping private takes constant and diligent work but is not impossible to ensure an acceptable level of privacy[^1]. Let’s explore some methods and practices that help preserve privacy on a transaction level.
+
+<!-- talk about the problem as you are talking about the solution -->
+
+### Generate a new address for each payment
+
+Creating new online personas is not the only way to preserve privacy. A new address can be generated by the wallet application used to receive bitcoin. This is achieved using [HD Wallets]({{ "/guide/glossary/#hd-wallet" | relative_url }}), a standard for how private keys get generated in modern Bitcoin applications. This allows each transaction not to be tied to a single address, making it difficult to associate with to the owner.
+
+Using the same address multiple times does not only degrade the privacy of just one transacting party. Both the [sender](/guide/payments/receive) and [receiver](/guide/payments/receive) are put at risk.
+
+> If thieves can see your income, holdings, and spending, they can use this information to target and exploit you[^2]
+
+On the receiver’s side, by using a single address, the sender or anyone with whom the address is shared can see the previous activity and the amount of bitcoin controlled by the owner. By _sending_ to an address that is being reused, assuming an adversary uncovers the identity behind the owner there is now a single point for them to reach anyone else who has transacted with the address.
+
+<!--
+TODO: Link / mention gap limit
+TODO: Graphic / consider how to get the ui generating multiple addresses. make it easy for the user to not fail 
+
+> ###### Worked Example 1 - Savings Revealed
+> * You save in bitcoin, using a single-address paper wallet.
+> * All your bitcoin savings to this same address, let's say it contains $1 million worth.
+> * You buy a small amount of bitcoins to add to your savings, depositing in the paper wallet.
+> * The person who sold you the bitcoins follows their trail on the blockchain and finds your paper wallet containing $1 million.
+> * He mentions it to someone in a cafe or bar.
+> * Word gets around. A burglar raids your home. Kidnappers capture your children and know exactly how much to demand in ransom.
+
+-->
+
+
+{% include fact/dos.html %}
+- Show a new unused address when the receive screen is entered.
+- Make it easy to generate as many addresses as the receiver needs at a time.
+- Before broadcasting a transaction, inform senders if an address is already used.
+{% include fact/close.html %}
+
+{% include fact/donts.html %}
+- Make it easy to reuse an address.
+{% include fact/close.html %}
+
+### Keep track of who knows about an address
+
+<div class="center" markdown="1">
+
+{% include image.html
+   image = "/assets/images/guide/payments/privacy/address-labeling.jpg"
+   retina = "/assets/images/guide/payments/privacy/[email protected]"
+   alt-text = "A list of addresses with tags. Two are red, two are purple and one is blue"
+   width = 400
+   height = 400
+   layout = "float-right-desktop"
+%}
+
+When [receiving bitcoin]({{ "/guide/payments/receive/" | relative_url }}) we can [add additional details to a payment]({{ "/guide/payments/receive/#inputting-additional-payment-details" | relative_url }}). Not only does this help to contextualize payments, but it also enables preventative measures for preserving privacy. Labeling addresses with the counterparty's name involved in each transaction can inform decisions for which [UTXOs]({{ "/guide/glossary/#unspent-transaction-output-utxo" | relative_url }}) are selected in future transaction inputs.
+
+To make this UTXO selection easier, some interfaces make it possible to select/filter UTXOs that cluster under one label.
+
+_Check out the glossary to learn more about [how coin control works]({{ "/guide/glossary/#coin-control" | relative_url }})._
+
+</div>
+
+### Increase anonymity by collaborating with others
+
+<div class="center" markdown="1">
+
+{% include image.html
+   image = "/assets/images/guide/payments/privacy/coin-join.jpg"
+   retina = "/assets/images/guide/payments/privacy/[email protected]"
+   alt-text = "Example CoinJoin transaction with 3 participants with 1 input each, which get broken up into 5 equal outputs."
+   width = 400
+   height = 400
+   layout = "float-right-desktop"
+%}
+
+The "common input ownership" heuristic[^4] assumes in a transaction, it is likely that all inputs belong to the same owner. [CoinJoins]({{ "/guide/glossary/#coinjoin" | relative_url }}) is a technique where multiple participants collaborate on a transaction to break this heuristic. It becomes more difficult (although not impossible) to determine the individuals who own the outputs are since all the outputs typically have the same denomination. With CoinJoins, as with any other anonymity network, a large and diverse group of participants provides the best protection.
+
+Users still have to be mindful of how the UTXOs they received from the CoinJoin are spent. For instance, spending them together in a single transaction would unravel the anonymity gains from participating in the CoinJoin.
+
+</div>
+
+### Design with privacy in mind
+
+Thinking about privacy is critical during the design process. Your users will not have the same level of knowledge of how to use Bitcoin privately. It becomes especially important for them to understand the implications of their privacy degrading actions which often occur at the point of creating a transaction or requesting a payment. When managing funds 
+
+While there is no perfect solution that will guarantee 100% privacy, try to minimize how much information gets shared to the most essential. Also, consider ways to inform and prevent user actions that negatively impact their privacy as they use your product.
+
+<!--
+There is no perfect solution to guarantee 100% privacy that lasts forever because things can be revealed over time. Since transactions are forever public, even if all precautions are taken at the time of payment to ensure the highest degree of anonymity, future behaviors of the wallet owner or transacting parties can still degrade previously attained privacy. A high amount of diligence is necessary whenever users are transacting with Bitcoin. The product should be able to guide, inform, and prevent them against privacy degrading actions.
+-->
+
+[^1]: [Bitcoin.org - Protecting your privacy](https://bitcoin.org/en/protect-your-privacy)
+[^2]: [Wasabi Wallet Docs - Transaction Surveillance Companies](https://docs.wasabiwallet.io/why-wasabi/TransactionSurveillanceCompanies.html#attempt-to-invade-privacy)
+[^3]: [Top Seven Ways Your Identity Can Be Linked to Your Bitcoin Address](https://99bitcoins.com/know-more-top-seven-ways-your-identity-can-be-linked-to-your-bitcoin-address/)
+[^4]: [Bitcoin Wiki / Privacy](https://en.bitcoin.it/wiki/Privacy#Common-input-ownership_heuristic)

guide/payments/receive.md

@@ -217,6 +217,10 @@ If your application has a list of their payment requests or transaction history,
 
 Once the payment has been finalized, consider what the receiver may want to do with those funds. You may want to help facilitate those follow-up activities, for example moving the funds to a shared multi-key wallet or doing a [coinjoin]({{ '/guide/glossary/#coinjoin' | relative_url }}).
 
+---
+
+Let's go, time go dive in a bit deeper with [Transaction privacy]({{ "/guide/payments/privacy" | relative_url }}).
+
 <!--
 On /guide/payments/send/#inputting-an-address
 Add below as Do's & Don'ts