by chasing 3973 days ago
Is this lack of anonymity a feature of Bitcoin?
2 comments

Yes, actually. Bitcoin is widely mis-reported as anonymous when the reality is that every bitcoin transaction ever made is publicly and permanently recorded in the distributed ledger. That's how anyone and everyone can verify that the ledger is legit. These transactions are associated with wallet ID numbers, not names. And, anyone can create a fresh, unassociated, empty wallet at any time. But, it's not hard to follow the money and infer who is doing what. Thus, the technical description is that Bitcoin isn't anonymous, it's pseudonymous.
> ...every bitcoin transaction ever made is publicly and permanently recorded in the distributed ledger...

Does this ledger ever get rolled up? I thought something like that was part of the system. Otherwise you'd have an ever growing transaction log and the system would fail eventually, wouldn't it?

Yes and no.

Since pruning support was added, a full node no longer needs to have the full blockchain. In situations where storage is limited, you simply need enough for verifying new blocks.

Many nodes will still keep the full transaction history, though there is no requirement to do so for bitcoin to function. As long as there is interest in looking at old transactions, people will hold on to that old data.

Don't you have to download the full blockchain when you bootstrap a new node, to verify all the transactions? After you verify that a transaction has been spent, you can prune it from your local copy. But someone still has to keep all the old transactions around for new nodes to download, right?
In theory, in the future the blockchain status can be compressed to just the "UTXO set" (unspent transaction outputs) with a zero-knowledge proof of correctness. That would be a form of maximal trust-free pruning.
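The pruning discussion above comes down to one idea: validating a new transaction only requires the set of unspent outputs, not the spent history. The following is an added illustration, not code from any commenter or from Bitcoin itself; it uses a constructed three-transaction ledger and a simplified transaction shape (no scripts or signatures), so the only checks are "input is unspent" and "outputs do not exceed inputs".

```python
"""Constructed mini-ledger: replay it to build the UTXO set, validate a new
transaction against that set alone, and list which old transactions have
become pure history. Simplified model, not Bitcoin's real data structures."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    txid: str   # transaction that created the output
    index: int  # position of the output inside that transaction


@dataclass
class Tx:
    txid: str
    inputs: list   # Outpoints being spent (empty for a coinbase)
    outputs: list  # (owner_id, amount) pairs


def utxo_set(chain):
    """Replay the chain in order; keep only outputs nobody has spent yet."""
    utxos = {}
    for tx in chain:
        for op in tx.inputs:
            if op not in utxos:  # unknown or already spent: ledger is invalid
                raise ValueError(f"{tx.txid} spends unknown/spent output {op}")
            del utxos[op]
        for i, (owner, amount) in enumerate(tx.outputs):
            utxos[Outpoint(tx.txid, i)] = (owner, amount)
    return utxos


def validate(tx, utxos):
    """Accept a new tx using only the UTXO set: no double-spend, no inflation."""
    seen, total_in = set(), 0
    for op in tx.inputs:
        if op in seen or op not in utxos:
            return False
        seen.add(op)
        total_in += utxos[op][1]
    total_out = sum(a for _, a in tx.outputs)
    return all(a > 0 for _, a in tx.outputs) and total_out <= total_in


def prunable_txids(chain, utxos):
    """Transactions with no live outputs: needed for history, not validation."""
    live = {op.txid for op in utxos}
    return [tx.txid for tx in chain if tx.txid not in live]


CHAIN = [  # constructed sample ledger
    Tx("cb1", [], [("A", 50)]),
    Tx("t1", [Outpoint("cb1", 0)], [("B", 30), ("A", 20)]),
    Tx("t2", [Outpoint("t1", 0)], [("C", 30)]),
]
```

After replaying `CHAIN`, only two outputs remain unspent and the coinbase `cb1` is fully spent, so a storage-limited node could drop it and still validate new spends correctly.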
It's a consequence of the fact that the general ledger (aka the blockchain) is public information. It has to be, otherwise the system would not work; what I mean is that you cannot design a crypto currency whose ledger is not public information.
> It has to be, otherwise the system would not work; what I mean is that you cannot design a crypto currency whose ledger is not public information.

I specifically addressed this misunderstanding in this talk: https://www.youtube.com/watch?v=Twynh6xIKUc at 38:48 while explaining this work: https://people.xiph.org/~greg/confidential_values.txt

You can think of it this way: When you sign a message you prove knowledge of a private key (discrete log of a particular public key). Everyone can verify the signature, and yet they do not learn anything about the private key they didn't know before seeing the signature.

There is no conflict between verifiability and privacy.

It depends on what you mean by "cryptocurrency". None of the Chaum-based Digital Cash system designs of the 80s and 90s featured a public ledger, but they weren't decentralized. The public ledger was an innovation of Bitcoin (as far as I know, even Szabo's property title system didn't propose to make the ledger actually public), and many people at the time felt that it was a bad idea, since it gave up anonymity.

It seems plausible that fully homomorphic encryption will eventually enable a practical and fully anonymous cryptocurrency, but nobody has figured out how yet. Also, even without FHE, maybe someone will figure out how to make a Bitcoin-style public-ledger system that somehow uses Chaumian blinded keys instead of ditching anonymity entirely.

Um... I stand corrected. Thanks!
Look at Zerocoin / Zerocash