Bitcoins: A Practical Primer, by Yishai

Bitcoins are a new anonymous peer-to-peer digital currency.  It is truly the next big thing in how we can conduct transactions over the internet without any central clearinghouse or bank or government ‘okaying’ our transactions.  I believe Bitcoins will be quite disruptive in how we all do business online.  You can pay anyone directly with Bitcoins, buy products from in Bitcoins (through a reseller), and even take SurvivalBlog’s’ 10-cent challenge in Bitcoins!  Bitcoins have an inherent value and as long as the internet is standing, are here to stay. As of this writing, 1 Bitcoin (or BTC) was selling for $14.  There are many merchants willing to do business online with Bitcoins, and the list keeps on growing.

You can read a lot more about Bitcoins, how they work, their implications and tradeoffs in a great and worthwhile introductory academic paper here.  A few additional introductory sites are: Bitcoin’s homepage, What is Bitcoin?, and Bitcoin FAQs.

There are great sites extolling the virtues of Bitcoin, and James has said to expect an article in the coming months on the positive survival aspects of Bitcoin, but what I found difficult to figure out is how to practically get my hands on some Bitcoins and how to start using them effectively and safely.  After much trial and error, and also many years of online experience, I compiled the following practical ‘how-to’ primer on getting and using Bitcoins.  I will, in detail, explain how to use Bitcoins safely in the second section of this primer.  In the first section, though, I will explain how to safely and anonymously browse the internet, and also how to run a safe computer.

Section 1: It all starts with a secure computer

Firstly, you must secure your computer as much as possible.  It is imperative that you secure your computer against unwanted intruders from the ‘net, or even from babysitters or inquisitive nephews.  The reason this is so important is that all of your bitcoins will be stored in a file called a “wallet” on your computer, and should anyone get their hands on that electronic file, they can easily pilfer all of your bitcoins. 

1) First step: Get a Mac:  I’m just joking (well, sort of).  Basically, Windows machines have a lot more vulnerabilities and are much more enticing targets for hackers.  It is still possible to increase the safety of a Windows machine, but in general, Macs are better.  Linux machines are supposedly even better than Macs, but not very user friendly.  As I don’t know much about Linux, this tutorial will cover only Windows and Macs. (If you already have a Linux box, then you a probably an advanced user don’t need this primer;).

If you have Windows, make sure to update it regularly via the official Microsoft web site here (making sure to select only the imperative security updates, as Microsoft tries to slip in non-essential ‘upgrades’ which only bog down your computer or even checks to see if you use pirated software.  Read each update’s description carefully before downloading and installing them).  Macs also need updating (gasp!).  Click the apple on the top-left of the desktop and go down to ‘Software Updates’.  Deselect all the unneeded updates for regular software, and only choose Mac system or safari updates. 

2) Create a computer log-in password.  This is important for both Windows machines and Macs.  Make sure to create a password for your administrator account, and potentially add a screen-saver lock to relock your computer after some time of inactivity.  (password how-to: Win; Mac)
In addition to a main password, consider setting up new user accounts for your kids (and spouse?) to compartmentalize any potential damage they may cause while playing around on the computer.  Instructions for setting up user accounts are here (win) and here (mac).
(Mac Tip: Encrypt your entire hard drive using the included program FileVault per the instructions here.  It’s an additional security step for when you are logged out, or if your computer physically falls into the wrong hands.  I don’t recommend doing the same thing with a Windows machine due to reliability concerns.)

3) Install Anti-Virus (Windows only).  This shouldn’t be news to you, but if virus scanners are, download Avast (free) here, and install and update it.  Avast has been the best choice in my experience.  The default settings for Avast should be sufficient.  Make sure to stay with the free options during download and install, as they also sell a “pro” version (not necessary).  No anti-virus is needed for Macs (woot!).  Update the definitions and program regularly, or have the program do it automatically (which is the default settings).

Another useful tool to use in addition to Avast is Spybot Search and Destroy (also free).  Spybot has some very useful startup cleaners and other scans which is a nice add-on to keeping your computer even more secure and running well.

4) Install/setup a firewall.  Firewalls help prevent hackers breaking in to your computer from the outside network.  In my opinion, the default Windows firewall is insufficient as it lets through numerous “Microsoft approved” connections without even telling you.  Turn it on anyway (how-to link).  It should help, but if you are an advanced user, you may want to supplement the regular firewall with a third party firewall as an added layer of protection.
The Mac OS default firewall is enough for basic safety from intruders, but you must make sure that it is enabled (here’s how to do that). Once it is enabled, go to the advanced settings and deny access to any strange programs that shouldn’t be accessing the ‘net.  Allow the rest (Firefox, Chrome, etc.)

5) Tor  Nope, we’re still not ready for Bitcoin.  Before starting with Bitcoin, I recommend that you setup and utilize Tor. Using an anonymous currency is less valuable if your transfers and web usage can potentially be tracked.  Tor helps anonymize everything you do on the internet.  Tor is an open-source anonymity project in which your web traffic and requests are encrypted and bounced off of random people across the world until the last ‘bouncer’, or ‘exit node’, requests the actual page you wanted, then encrypts and sends the page back upstream until it reaches your computer.  The theory is that each person in the chain can not see or read the actual web page, nor know where it is ultimately being sent, they are only relaying encrypted gobbledygook.  The last guy in the chain, or ‘exit-node’ is theoretically able to find out the page/data that is being viewed, but as he doesn’t know who actually is getting the page in the end (i.e., you), the anonymity of web surfing is preserved. 

Using Tor effectively is somewhat complicated, but I will walk through it with you with links for further reading and instruction.  It is worthwhile to figure out this step 5 to markedly increase your online safety and anonymity.

5a) Install Tor.  First download the Tor software bundle here (Windows) or here (Mac).  Install the Tor bundle (Win help; Mac help)  Once complete, open Vidalia.  Vidalia is the program that starts up and uses Tor in the background.  Another way of thinking about it is that Vidalia makes using Tor ‘pretty’ and more user-friendly.  So when you need to start up Tor, you really just start up Vidalia which will turn on Tor in the background. (Mac users, use the ‘spotlight’ icon on the top right of the desktop easily find and use the Vidalia app.) Windows users may be having Vidalia start with Windows (default setting).  That’s okay if you’ll use it often, otherwise delete it from your startup folder or use Spybot to remove the startup entry.  Vidalia will still work fully when you start Vidalia manually via the Start menu.

5b) Configure Tor.  Why Tor/Vidalia is a bit tricky to use, is that it’s not enough just to start Vidalia and run Tor in order to remain anonymous.  You must configure your browsers and programs to go through Tor before they go out to the web.  That’s called using a ‘proxy’.  [Tip: to skip to the how-to “final answer”, what is needed is to point all programs/browsers to use the proxy].  There are a few ways of setting up browsers, including the ‘official’ Torbutton on/off switch for Firefox (included with the full installation of Vidalia above), but I recommend to you another convenient method, which uses Goggle Chrome and a nifty proxy “on/off” button. (See the steps and screen shots here). 

Once you are running Vidalia/Tor, and have set up your browser or program to use Tor, you can check that all is in (anonymous) order by going to this site:  (at the Tor’s own web site) and they will let you know if your browser is using Tor correctly or not.

Tip: Occasionally obtain a new identity while browsing.  Right click on the green Tor/Vidalia icon, and select New Identity.  This gets a new Internet address, or an ‘IP’, for you to make it even harder to track usage.

An aside: Online usernames and passwords. Just a quick note on online usernames and passwords.  Make then ‘strong’ i.e., at least 12 characters, and use symbols, numbers, and capital letters too.  Occasionally change your passwords, and don’t get stuck in a rut using the same password across sites.  If someone successfully hacks your Yahoo account, would you want them snooping through your bank, credit card, and online backup sites too?  An additional safety tip is to not use your favorite and usual username (which is usually your e-mail address prefix – i.e., ‘johndoe’ from ‘’.  85% of people use it).  Mix up your usernames.
Practical tip: I know everyone always says to make all of these different passwords and usernames, but who can remember them all?  Why don’t you write them down (gasp!), yes, write them down, and then store them in a safe place (like a safe, cache, or bottom of a grain bucket).  You can practice “safe writing” by storing usernames in one location, and their corresponding passwords in another.  Also, self garble your passwords in an easy to remember manner. An example of this would be to always write down on paper the incorrect password, but with the first two characters at the end, so a password ‘abc123’ becomes ‘c123ab’ written down.

Section 2: Bitcoin-opia

Okay, now we’re into the second section of this primer, and are ready to venture in to the Bitcoin world. 

1) Install Bitcoin client.  First, you must download the Bitcoin client.  Bitcoin is open source, and anyone can write a client.  Few have done so, but by far the most widely used client is this one from (here’s the latest Win / Mac version).  Install the program and then run it once to check it out and to also have it set up your personal digital wallet.

2) Encrypting, hiding and backing up your ‘wallet’:  (Optional) Some people highly recommended that you hide and encrypt your ‘wallet’ so as to increase your money’s safety, and also to allow for easier backup onto a thumb drive or online backup site, if desired.  However, I’m calling this step ‘optional’ as it is fairly advanced, and if done incorrectly, can make your Bit-wealth disappear.  So only mess with this step 2 if you feel comfortable with the instructions found on this web page.

In general, the steps for encrypting and hiding your wallet work by you creating an encrypted drive, in which you can place any sort of files inside of.  This encrypted drive looks like a regular file on your computer, until you ‘Mount’ it, which is a weird way of saying to open the encrypted file and tell your computer to start treating it like a regular hard drive.  In order to mount the drive and decrypt the contents, you will need a password.  Once you are done using the files inside of the drive, you then ‘Unmount’ the drive, returning the drive to its safe, unreadable, encrypted state. 

But again, only do so if you’re comfortable with working with encrypted drives.
In summary, for both Windows and Macs, before you run your Bitcoin client (to send BTC or check on your funds), you (a) mount your encrypted drive (which has your wallet on it), then (b) run and use Bitcoin, then (c) close Bitcoin and unmount your encrypted drive.

Backing up your wallet.  As your money resides on your ‘wallet’, you can copy your entire encrypted drive (containing your wallet) onto an external hard drive or small thumb drive.  Then keep that thumb drive in a safe location (i.e., a safe, or a grain bucket).  You will need to re-backup your wallet if you use Bitcoin a lot and create more than 100 new Bitcoin addresses (see step 4 below),  This is to ensure that restoring your wallet will restore all of your bitcoins.  There are some who recommend storing this encrypted drive online in either Dropbox, or your e-mail account, but I don’t recommend this.  I’m always wary of putting too much faith solely in encryption.  I prefer to encrypt and control access to the file itself (through physical and network security means).  If you store it online, you are at the mercy of your e-mail provider or online storage site for providing physical security to your file, so you are then relying solely on your encryption.  Mileage may vary, and different users may prefer different methods depending on your individual needs.

3) Buying/selling bitcoins.  Now that you are safe, secure, and anonymous online (don’t forget to turn on and check Tor!) you can begin your foray into the real money world of Bitcoin.  There are many ways to purchase Bitcoins (or BTC), but I will tell you the easiest and most inexpensive route that I’ve found for doing so. 
In short, (and I will explain in detail below), you send real money from a real ‘brick and mortar’ bank account to the online payment house Dwolla (step 3a).  From Dwolla, you send those funds to MtGox, the foremost Bitcoin trading center (step 3b).  From within your MtGox account you can then buy and sell Bitcoins using those funds (step 3c).  To effectively use (and anonymize) your newfound Bitcoin stash, withdraw Bitcoins from MtGox into your personal wallet on your computer (step 3d).  You are now free to spend Bitcoins!  In further steps we will discuss how and where to spend and using Bitcoins.  Selling Bitcoins (turning BTC into US$) is performed using the same steps above, just reversing the steps: Deposit BTC into MtGox from your wallet, Sell BTC on MtGox exchange, withdraw dollars to your Dwolla account, then transfer the US$ from Dwolla into your Brick and Mortar Bank.  You have now reentered the legacy and outdated world of finance.

3a) Bank dollars to Dwolla dollars: Set up a account here.  Then add and verify a real bank in order to transfer money in and out of your Dwolla account (links are on the toolbar to the left).  Adding an account is straightforward using your account number and routing numbers found on a paper check.  Verifying your account consists of your waiting for Dwolla to deposit a few cents into your bank account, then you check that bank account and tell Dwolla how much each of the two deposits were.  This whole process takes 1-3 business days until your Dwolla account can be funded for the first time.

Once your account is verified, you can start the process of adding funds to your Dwolla account by clicking on the “Deposit Money” link on the toolbar to the left. Depositing money into Dwolla takes 3-5 business days and is free (unless your bank charges for it, but they shouldn’t be).  Dwolla kindly sends you an e-mail the instant your bank transfer clears, and you will then be ready for step 3b below.
3b) Dwolla dollars to MtGox dollars.  [recent update: you must disable Tor while working on MtGox – they are trying to combat hacking attempts.] Create an MtGox account here.  There are no verification steps (other than a valid e-mail address).  Once you have an account you can “Add Funds” by clicking the Add Funds button on the left side toolbar.  There is a bunch of ways to add funds to your MtGox account, but the easiest/best way is to use Dwolla. MtGox also accepts Liberty Reserve, and even direct international wire transfers, for a fee of 2500 Yen (about $31 today).  Dwolla is the easiest and cheapest ($0.25 each transfer).

While in the “Add Funds” section, choosing the Dwolla method button reveals a link which you can use to transfer Dwolla funds directly (link is next to the words “Account Number”).  There will also be an important memo to include on every transfer from Dwolla to MtGox (MTGOX #xxxxx) so that MtGox knows to which account to credit the incoming transfer.  So, either send your Dwolla funds through the all-in-one link on MtGox’s site, or do it manually from Dwolla’s “Send Money” link to MtGox’s account (812-649-1010) remembering to include the appropriate memo with your account on it (MTGOX #xxxxx).  This step officially takes about 12 hours, but oftentimes it is much faster.
You can also add funds using Bitcoins.  Just send BTC from your computer client to the address listed on the Add Funds page.

Tip: after you’ve sent money to MtGox once, you can have Dwolla automatically pull money from your bank and send it over to MtGox in a single step, making it slightly easier to fund MtGox account.  Do this: from the “Send Money” link in Dwolla, select your bank as the ‘source’ in the drop down menu, and set up the rest of the transfer to MtGox normally.  Dwolla will pull money from your account and send it to MtGox for you. Single-step to get funds in to MtGox!
News Update: MtGox had a few high-value accounts stolen (not from their databases, but from the external users’ computers) which were used in an attempt to manipulate the trading market.  MtGox shut down all trading for about a week, and reversed all illegal trades.  They have since restored all operations, and all prices are very stable subsequent to their reopening (~$14/BTC).  If you still feel too uncomfortable dealing with MtGox, you can use another (much smaller) trading house, Tradehill.  All the same steps in this primer apply, just substituting Tradehill for MtGox.  As I have never done any transaction with Tradehill, I can’t recommend them personally, I just forward their name on by virtue of them being the second largest Bitcoin exchange.

3c) Buying and Selling Bitcoins:  From within MtGox, you can buy or sell Bitcoins (BTC) here or by clicking “Trade” on the toolbar to the left.  Treat the purchase as you would any other commodity, and as James drills into our heads, buy on the dips.  To put it mildly, Bitcoins is a highly volatile commodity, with a price fluctuation range of between $10 and $30 per Bitcoin, in recent weeks.  Since the MtGox security scare, it has been very stable trading around $13-15 per BTC.  In any case, as you are buying Bitcoins for its usability (and not as an investment device), buy them as low as you can, and try not to worry if they fall in price afterwards.  You are paying for the freedom of using and owning a private and anonymous currency, and the premium is in its highly volatile exchange rate. 

(Editor’s note: Part of the beauty of the Bitcoin world is its freedom and lack of regulatory agencies.  But that very freedom unfortunately draws speculators and fraudsters.  Speculators were toying with the exchange rate last month with wide-ranging trades to make money (and were been stopped by MtGox, though).  In addition, fraudsters are inspired to commit nefarious acts because of their inherent anonymity.  I feel that the Bitcoin market will dampen out these crazy speculative price swings over time, and similarly, fraudsters will be discouraged as the Bitcoin community becomes better informed and trained.  As with any cash transaction, Bitcoin payments and purchases are quite final, so take caution as you would any other cash transaction.)

Trades in MtGox are treated like any other stock purchase you may make on an online brokerage house: you enter the amount of bitcoins you would like to buy, and at what price.  There are a bunch of trading charts available by clicking “Trading Tools” on the toolbar to the left.
Don’t worry if your order doesn’t get filled immediately.  The price fluctuations will make it likely that your request will be fulfilled soon.  You can also sell BTC in the same manner, on the same “Trade” page.

MtGox takes a very small commission (0.30%) of every trade, whether you are buying and selling. 
At the top of your MtGox account you will see a running tally of your current balance in Dollars and in Bitcoin.  Those Bitcoin in your account can be transferred to your personal ‘wallet’ on your computer to use them.

3d) Withdrawing Bitcoins (or US$): From your MtGox account, click “Withdraw Funds” on the left toolbar.  Choosing the radio button for Bitcoins as a method of payment, you enter the number of bitcoins you want to withdraw, and also one of your Bitcoin addresses.  Bitcoin addresses are created by your Bitcoin client program on your computer, and you can create as many addresses as you need – they all belong to you.  (See step 4 below for more info on this).  After the transaction clears the online Bitcoin world (no banks are involved! Yay!), it will show up as residing in your wallet from within your Bitcoin program on your computer.  You are now free to use them and pay whomever you’d like, completely anonymously.

4) Using Bitcoins.  The Bitcoin client program should be configured to use Tor to completely (i.e., tell the Bitcoin program to utilize the anonymizing virtues of Tor.  Detailed instructions for doing so are found here (and basically amounts to using a proxy server
The Bitcoin client comes with 100 personal (and anonymous) addresses preprogrammed in to the program, all of which point to you in the virtual internet world.  You can create new ones at any time (Click “Address Book”, then “New Address”), and can create an infinite amount of them. You use these addresses for whenever someone would like to send you money (BTC).  You give them one of your addresses, and they will send you money.  And if you want to send someone money, you can send it to their Bitcoin ‘address’.  These addresses are also used for withdrawing funds (as BTC) from MtGox.  These addresses are unrelated to each other, and an infinite (theoretically) amount of new addresses can be created.  It is recommended by the Bitcoin community to use each address only one time, i.e., one address per transaction, so as not to compromise your anonymity.  The transaction must be ‘cleared’ by the online Bitcoin community (i.e., a significant number of peer-to-peer connections all agree that Peter just paid Paul).  This can take upwards of an hour or two, but if you are willing the sender can pay an extra 0.01 BTC (~$0.20) for preferred processing, which can shorten the transaction time to around ten minutes (you set this value in the settings in your Bitcoin client).

Sending money is also very easy.  You click “Send Coins” in your Bitcoin client program, putting the recipient’s address in the box and the amount you’d like to send.  Click send to send the Bitcoins. That’s it!  And as mentioned before, all Bitcoin transactions are quite final, so take care and double check your amounts before sending.  Treat Bitcoins as you would cash.

How and where to spend Bitcoins.  Besides person-to-person transactions, there is a rapidly growing industry of merchants willing to accept Bitcoin in addition to old-fashioned dollars and they offer tangible goods in addition to services (online and real-world).  There are also nascent businesses starting up to provide interesting and unique services for Bitcoin holders.  A (growing) list of businesses accepting Bitcoins can be found here, and many merchants are added every day.  There are even merchants willing to accept Bitcoin for purchases (they make money from Amazon referral program).  These merchants are really opening up the world to Bitcoin enabling Kindles, laptops and even groceries, to be purchased with Bitcoin.  As many of these businesses are new, treat them with caution and research their online reputation before conducting any major transactions with them.  

Enjoy your newfound online financial freedom!

If you enjoy SurvivalBlog, then donating a little bit. The BTC address for Ten Cent Challenge contributions:  1K7Gk6kqX6psSWDJaRV6pyDH7dwZuvqtUB 

And if you’ve enjoyed or benefited from this Bitcoin primer, then please consider a little clink in my personal Bitcoin tip jar, here:  1BfhNGddNCGFcaJjisiUQW6m1UaSbPHTdF