Does BIP 75 Really Threaten Bitcoin’s Fungibility?
On Wednesday, the Bitcoin community went into a tizzy over BIP 75 (BIP stands for Bitcoin Improvement Proposal) which is, in short, a layer-2 protocol for improving the user friendliness of Bitcoin payments.
The community, especially on Reddit, is concerned that the option to identify oneself to the sender or receiver of a payment may lead down the road toward know your customer (KYC) and anti-money laundering (AML) restrictions on the Bitcoin protocol. The hysteria around this proposal appears to have emerged from a post made by Bitcoin Core contributor Peter Todd to the Bitcoin development mailing list.
What Is BIP 75?
Before getting into the controversy, it’s important to understand the details of BIP 75. Bitcoin Magazine reported on the proposal’s ability to simplify wallets for the average Joe earlier this year, but here are the key points:
- BIP 75 attempts to solve some of the privacy and security concerns with the Payment Protocol, which was outlined by former Bitcoin Core lead maintainer, Gavin Andresen and former Bitcoin developer, Mike Hearn in BIP 70.
- Unlike BIP 70, BIP 75 features end-to-end encryption.
- Human-readable names can be used to make the payment process more user-friendly and create a Venmo-esque experience in Bitcoin wallets.
What Are the Concerns With BIP 75?
There are currently two separate concerns with BIP 75 being discussed in the Bitcoin community. For one, some people believe that this BIP could make it easier to trace Bitcoin payments to real-world identities or simply streamline KYC and AML compliance for Bitcoin. The other issue is whether this BIP should be included in the main BIPs section of the Bitcoin Core GitHub repository.
“I'd strongly argue that we remove BIP 75 from the BIPs repository and boycott wallets that implement it,” Peter Todd recently stated on the Bitcoin development mailing list. “It's bad strategy for Bitcoin developers to willingly participate in AML [and] KYC [compliance], just the same way as it's bad for Tor to add wiretapping functionality and W3C to support DRM tech. The minor tactical wins you'll get [out] of this aren't worth it.”
A Reddit thread linking to that post on the Bitcoin development mailing list was quickly filled with calls for a boycott on Breadwallet.
Bitcoin Magazine reached out to Todd to gain a clearer picture of his thoughts on the matter. In terms of whether the BIP should be removed from the Bitcoin Core GitHub repository, Todd said, “I think we should remove it because, like it or not, we are putting a stamp of approval on it, to a degree.”
Some others, such as Bitcoin Core contributor Pieter Wuille, believe a removal would amount to censorship; however, Todd also pointed out that, in the past, a proper BIP for a colored coins standard has also been denied access to the GitHub repo.
When it comes to the issues he sees with BIP 75 more generally, Todd said, “BIP 75 institutionalizes [regulatory compliance] in a convenient way that everyone can easily use and expect. We should comply with AML [and] KYC [regulations] only grudgingly.
“In much the same way that we have the threat of Tor nodes keeping logs; we don't help that process by creating a standard for those logs,” Todd added.
To Todd’s point, BIP 75 does make it easier for companies (financial in nature or not) to collect data on their customers. While the threat of a government forcing normal retailers to collect identifying information about customers who use Bitcoin always existed, BIP 75 has the potential to streamline this process.
During his conversation with Bitcoin Magazine, Todd made it clear that he’s more concerned with senders of bitcoins identifying themselves than the recipients of those funds. “The part of BIP 75 that's about determining who you're sending money to isn't objectionable, just the idea of trying to figure out who is actually sending the funds,” he stated.
Those who disagree with Todd would point out that BIP 75 is a completely opt-in protocol. To this point, Todd responded, “Blacklists can also be implemented in an ‘opt-in’ way; that doesn't mean we should support the concept.”
BIP 75 Author Responds
Bitcoin Magazine also reached out to one of the authors of BIP 75, Netki CEO Justin Newton. One of the first things Newton was able to clarify was that the personally-identifying information sent in the payment protocol can be seen only by the sender and receiver involved in a particular transaction.
“We actually added another layer of encryption (at the application layer) as a way to protect against the data being man-in-the-middled,” said Newton.
According to Newton, a BIP 75 user does not even have to trust his or her own phone or laptop to keep payment info private when a hardware wallet is used.
Newton also shares similar concerns to Todd and others in terms of a potential slippery slope toward AML and KYC compliance on the vast majority (if not all) of Bitcoin transactions.
“I actually share their concern, but it led me to a different conclusion,” said Newton. “My view was that AML and KYC compliance is going to be required if we want to get to the mass market and we need to ensure it is done in a way that fundamentally protects fungibility, privacy and the open, permissionless nature of Bitcoin. In the absence of a standard that encourages those values, we will end up with hidden systems that do exactly the same thing, but without taking the concerns of the community into account.”
Judging from a Reddit comment by Breadwallet CEO, the wallet maker is not interested in BIP 75 for regulatory compliance reasons. Instead, Breadwallet is mostly interested in the proposal for reasons related to the user-friendliness (or lack thereof) of Bitcoin wallets. BIP 75 enables useful features that are found in more mainstream payment applications (think Venmo) such as human-readable transaction logs and address books. It’s also possible for users to manually track their transaction history on their own, but BIP 75 greatly simplifies the process.
So, Is BIP 75 a Worrisome Proposal?
The BIP 75 debate ties in with many of the other Bitcoin debates that have taken place over the years. Does the community want privacy and security or easy-to-use wallets? Is it worth abandoning some of the early principles of the network in order to seek mass adoption?
In this case, it appears that not much of a trade-off is being made by individuals who wish to use BIP 75-enabled wallets. All of their personal information is end-to-end encrypted and they aren’t likely giving up much (if any) information that wouldn’t already be known by the recipient of a transaction. Also, it’s important to remember that this is a layer-2, opt-in protocol.
Having said that, it’s always important for the Bitcoin community to remain vigilant against attempts to apply traditional financial regulations to the Bitcoin blockchain. After all, Bitcoin’s core value proposition is the ability to transfer value across the internet in a censorship-resistant manner. The people who need Bitcoin as a payment system are those who would normally be blocked from other, traditional systems such as PayPal or credit cards.
It appears that BIP 75 is not a huge move in the wrong direction, but all Bitcoin users should refrain from attaching identifying information to their transactions as often as possible. In addition to that, it wouldn’t hurt to focus on the real problem, which is the need for enhanced privacy features.
Responding to the concerns, Breadwallet Director of Product Management James MacWhyte told Bitcoin Magazine:
"BIP75 puts users in total control of how much information they share and who they share it with. Some people may not realize that you will always be able to choose to share no information and remain anonymous. It is a huge improvement in privacy, and an essential building block in making Bitcoin more accessible and powerful.
"Avoiding address reuse is important for maintaining privacy and security, yet having to manually send a new address every time you want to receive money is cumbersome and inconvenient. We wanted to automate that process, but if your wallet gave out an address to anyone who asked your privacy would not be protected. That’s why we designed BIP75, which will allow us to automatically give out payment addresses only to the people you trust. It is a huge improvement in privacy, and an essential building block in making Bitcoin more accessible and powerful.
"Breadwallet is working hard to make Bitcoin as easy as possible, without jeopardizing our top two priorities: security and privacy for all our users. We will never require personal information in order to use our wallet."