Hi there,

I've been following bitcoin for a while, and finally decided it was about time to get started with it. I do have a question about anonymity and threat models though, which I'm struggling to figure out myself.

Let's say I want to buy a banned book using bitcoins. I'm new to bitcoin, so I do the following:

1) Buy bitcoins using wire transfer from an exchange.
2) Transfer bitcoins from exchange to my wallet.
3) Buy the book from somewhere online place.
4) Get the book shipped to my house.

The threats that I see here all revolve around the seller getting busted. In this case, the attackers have:
- My postal address (from shipping it, presuming the seller kept logs)
- The address my bitcoins came from.

Am I correct in thinking that the attacker can also see the history of the transactions that passed through my wallet (as they now have the wallet address)? If so, presumably they could see that the bitcoins originated from an exchange, and subpoena the exchange.

The subpoena an exchange issue could be dealt with largely by depositing in cash, rather than wire transfer. That way the exchange need have little knowledge of my identity.

The postal address issue seems pretty intractable, to me. A PO Box would provide another layer of indirection, but is also a subpoena (or less in many countries) away from revealing my identity.

Anything I haven't thought of, or have thought of wrongly, or better ways of doing things?

Thanks