Related:

https://github.com/bitcoin/bitcoin/issues/6568
aling-with-malleability-has-been-implemented
12a5a07890/src/clientversion.h
- --
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

Better late than never, I should correct things here. In the future it
would probably be more productive to open an issue. Otherwise there is
no mechanism for someone to take ownership of a response.

On Sun, Aug 30, 2015 at 7:45 PM, Kristov Atlas via bitcoin-dev
The ordering used by Bitcoin-QT is cryptographically randomized. This
provides the greatest privacy possible.

The BIP 69 recommendation would currently be equally as private if
universally used, but today would reduce privacy by making the
software more distinguishable. It is unclear if BIP69 will be equal
in privacy in the future, because external infrastructure may impose
ordering requirements that are incompatible with it.
BIP 62 is withdrawn. The useful mechanisms in it for standardness
rules are, of course, implemeted in Bitcoin Core-- were invented
there, and have been there for years.
It's unclear to me precisely what is meant here. I'll answer broadly.

Bitcoin Core is compatible with and can be used with the joinmarket
module to include coinjoins. The raw transaction functionality in
Bitcoin Core was also created specifically to facilitate coinjoins.
Beyond joinmarket there have been several other coinjoin modules
created for Bitcoin Core though today JM is by far the most common,

This functionality is not directly implemented for a number of reasons
including the non-existence of decenteralized tools for this that
don't harm the user's privacy in other ways.
Skipped as these are specific to the implementation in use.
As Kristov noted, Bitcoin Core does not implement anti-features like donations.
Optionally, but in all cases the user's privacy is indistinguishable
from keeping all the data locally.
It would be more correct to say that Bitcoin Core always has the
highest possible FP rate. It uses the only currently available tool
to avoid leaking private address information to indexing services. As
several academic studies have shown, bloom filters are completely
inadequate for protecting user privacy.
I user that has downloaded a bootstrap.dat is indistinguishable from
any other user on the network; their transaction anonymity set is not
reduced in any way by doing this. By running bitcoin at all they are
distinguished from other people who do not, but thousands of hosts run
Bitcoin without even having a wallet.
To be clear: This is N/A because there are no queries that would leak
private information about the user's wallet.
Yes. Because the Bitcoin Core downlaods all information, the third
parties cannot correlate responses.
Bitcoin Core does make remote queries to obtain "balance information",
but it can be directed to perform all commmunications via tor, before
starting it as noted.
Bitcoin Core can simultaneously connect to both Tor hidden services
and the public IPv4 network for improved partitioning resistance (and
has been able to for years). Instead of setting the socks proxy, the
user configures onion=<tor proxy>.

As of 0.12 inbound tor HS is also auto-configured by default when tor
is installed.
All network connections are independent via Tor by default, no manual
change is required there. Separate "identities" do require separate
wallets, as noted.
No it does not and cannot. Freedom from this kind of leak is one of
the benefits of the current design that doesn't allow intermixing
"identities" in wallets.
However, unlikely most other wallets, Bitcoin nodes forward
transactions for third parties and do not make external queries for
private information. Because of this the ability to correlate a
particular node connection multiple times does not necessarily leak
anything about wallet usage.
This assumption is incorrect. All the private wallet state is stored
in the wallet. If the wallet is changed the node does know any of them
anymore. There is no ability to open a new wallet without restarting
the software.

That said, Bitcoin Core normally relays transactions for third
parties-- unlikely virtually all other wallets. This means that where
observation of a transaction from another wallet would give a nearly
guaranteed identification that the system on the other end of the link
is the source, with Bitcoin Core sending a transaction is merely
potentially suggestive of origination.
After review and testing we've determined that reliable deletion of
private data is not very feasible on current hardware/OSes. Techniques
which used to work, like overwriting are defeated by write balancing.
We recommend users use OS level encryption to protect their privacy
locally.
Right.
Not for normal transactions. Bitcoin Core currently supports payment
URIs and BIP70, and if a user follows a payment URI it may instruct
the user to make a connection to a location requested by the payee.
Kind of. If a Bitcoin Core node already knows of peers through prior
operation and is able to get at least two network connections within
11 seconds, it will make no further queries.

If a node is completely new and hasn't been otherwise configured; it
will perform four DNS queries to determine lists of candidate nodes.
These queries are frequently answered by caching name servers and do
not go all the way back to their origins. Only if both of these step
fail does it consult a hardcoded list of several hundred nodes to
attempt initialization.

That said, Bitcoin traffic is easily identifiable regardless of how
peers are found. We recommend users run Tor, and if tor is used no
identifiable traffic should happen, except for timing/volume analysis.
And many parties run Bitcoin Core nodes without running wallets; so
the use of Bitcoin does not identify a user as even having a wallet at
all.
Bitcoin Core is this questions _definition_ of an unremarkable useragent.

But yes, the useragent notes the major/minor version. Concealing this
would have little to no privacy advantage, as functional/behavioral
analysis would easily reveal the version with at least that level of
precision.
If uninstall deleted the wallet it would reliably result in massive
funds loss for users.

To conceal their user of Bitcoin users should at a minimum do a
security erase of their system.

Other wallets who claim to "delete" private information which was
previously stored on disk are likely giving their users a false sense
of security. Doubly so in that many other wallets are written in
dynamic lanaguages which make it impossible to prevent highly secret
data from being written to system swap.
I believe any software which claimed to do this would have to meet a
rather high burden of proof.
Correct. And unlike some other Wallets the KDF used to harden the
users key takes 100ms with efficient native code; this substantially
limits attacker brute for performance.
We recommend users use full disk encryption. Encrypting the public
data in the wallet would require the wallet to enter their key at
every use and increase the probability that their key was leaked (or
if two keys were used, that they'd forget their spending key).

Even if the public key information were encrypted, other data on their
computer (browser cache, swap, logs) would likely compromise the
user's privacy, thus the full disk encryption recommendation. Full
disk encryption is a common, easily used tool; and I don't believe any
wallet software that stores data locally can provide strong privacy in
practice without it.
Right. Each wallet file can have it's own single password which
protect spending.
Right.
No telemetry data.
Yes, and a large portion of our user base does their own builds. Our
determinstic build process is also actively audited by a good dozen
parties who post cryptographic signatures of their duplicated builds.