Yes, address reuse is bad for your privacy. It’s the easiest way to lose privacy when transacting with Bitcoin. Until a bitcoin user understands this, their privacy remains out of their control while jeopardizing the privacy of others transacting with them.
A bitcoin address can be likened to a digital “invoice” used to accept payment on the blockchain. It acts as an intended destination for payment on the blockchain. An address is generated from a wallet in the form of a string of 26-35 characters and is shared with the party who intends to pay you in bitcoin. Any funds sent to an address are under the control of its originating bitcoin wallet.
Address reuse is when a user uses one address for more than one transaction. But what makes address reuse so bad for privacy? What risks does it extend to other users transacting with you?
To bring the matter to light it’s useful to understand what happens under the hood when we reuse an address.
Many users are now getting familiar with the fact that bitcoin transactions are stored on a public ledger which acts like an open receipt book containing all inbound and outbound transactions from all addresses. Anyone can view transactions associated with an address even without sophisticated tools, for example here. However, the only information a viewer can get is the bitcoin transacted into and out of an address.
When you pay or receive bitcoin, the address(es) associated with the transaction can be viewed. However, due to the pseudonymous nature of bitcoin addresses, this is not enough information to reveal the real-world identity of a user.
Despite the anonymity offered, bitcoin addresses only act as an alias involved in a transaction on the blockchain. It takes a single transaction to reveal enough information about the identity of the user and every transaction associated with an address opens a door to traceability. With each transaction, more information about the user is revealed and available for possible real-world identification.
Users transacting with addresses belonging to users whose privacy has been compromised risk losing their privacy through association. One address reuse is enough to give away your privacy even years after it’s long-forgotten because the blockchain is immutable. Once on the blockchain, forever on the blockchain.
Address reuse is intentional when a user only uses one address to receive and store unspent coins. Such cases may be due to habit, the need to maintain trust, or availability. An example of such address reuse happens on exchanges and donation addresses. As bitcoin users, we may also intentionally send bitcoin to the same address to others resulting in address reuse. This type of address reuse is the most rampant affecting half of all bitcoin users.
For some use cases, address reuse may happen when a user owns a single address wallet or paper wallet. Single address wallets are meant to offer convenience and ease to the users by generating a single address that is meant to receive and store their unspent change. In the case where a user prefers privacy, they are better suited to using Deterministic Address Pool Wallets that generate new addresses for new transactions. Paper wallets, on the other hand, may always require the user to be physically present to make a transaction.
Addresses are designed to receive bitcoin and are supposed to be disposable with every use. When the address is reused, the owner’s balance user is open on the ledger. As a business or individual using bitcoin to receive payments, the amount of revenue or balance may always be known if it is tied to one address. Unless your money matters are meant to be public, reusing an address will always make sure your balances are open for everyone to see.
With a discovered identity associated with an address, the user faces the risk of censorship. For example, an address observed donating funds to an activist may be blacklisted from exchanges, and addresses sending funds to the activist may risk being targeted as adversaries in dictatorial states.
Address reuse facilitates surveillance. If you transact with one address, it is easy to generate a relationship graph of who you transact with, where your money goes and who you receive it from. Every single piece of your financial information will be ushering you into the arms of many surveilling organizations that are always analyzing and tracking transactions on the public ledger. Despite the distance between conspiracy and fact about the level of surveillance on bitcoin, it’s important to understand that present technology is potent in allowing full deanonymization of bitcoin transactions. A little more effort is required by a user to be free from such surveillance but changing addresses does enough to keep your transactions hard to trace.
With all the apparent risks that address reuse poses to privacy, transacting with a new address for every transaction is about care, that the amount of privacy you have is transmissible to every user you transact with. It’s not necessary to understand the intricacies of bitcoin to use the technology safely. Picking a good wallet that allows you to generate fresh addresses for every new transaction is good enough. Bitcoin allows us the generation of new addresses whenever we need them. This feature was meant to preserve anonymity. All coins sent to every address generated are always under our control meaning we can transact with as many addresses as we need. The convenience of reusing addresses has the price of privacy.
