Tuesday, August 29, 2017 by Ethan Huff
One of the benefits of cryptocurrency technologies like Bitcoin is that all transactions are supposed to be anonymous. But new evidence put forth by researchers from Princeton University suggests that hidden tracking cookies within the Bitcoin platform can actually link transactions directly to users via their activities across the rest of the web.
Third-party tracking cookies linked to online e-commerce websites that support Bitcoin can leave a trail of evidence behind user transactions that essentially de-anonymize them, the report found. Even when using blockchain anonymity techniques like CoinJoin, users can still find that their Bitcoin transactions aren’t as private as they think they are.
“Based on tracking cookies, the transaction can be linked to the user’s activities across the web,” the report explains. “And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions.”
This revelation will probably come as a surprise to Bitcoin veterans, many of whom adopted the cryptocurrency as an alternative to fiat currencies that are easily manipulated, and in many cases tracked. The essence of Bitcoin has always been that it’s a decentralized, anonymous monetary platform with limited outside interference. But this apparently isn’t the case.
Another problem identified in the research is the surprisingly large number of online merchants that accept Bitcoin while sharing customer data with third-party companies. This suggests that many Bitcoin users are not only having their identities exposed, but they’re also having their identities illegally sold to other entities.
Nearly half of all leaked Bitcoin payment information is done so intentionally for advertising and analytics purposes. This can include Bitcoin addresses, Bitcoin-denominated price information, and personally-identifiable information about people who use Bitcoin.
While these problems aren’t exclusive to Bitcoin, they do plague this popular platform to a much higher degree than users realize. And the fact that Bitcoin is amongst the most widely-used cryptocurrency in the world makes it a serious cause for concern from a privacy standpoint.
“We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing,” the report adds, mixing referring to anonymizing software that tries to obscure users’ identities.
“While such auxiliary information is available to many potential entities – merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers – web trackers are in the ideal position to carry out this attack.”
As is the case with most things, just because Bitcoin has these vulnerabilities doesn’t mean that all crypto currencies are affected by them. There are several other crypto currencies out there besides Bitcoin that have a much higher level of security, and that some experts say are preferable to Bitcoin for this and other reasons.
“The most well known of these are Zcash, based on the Zerocash protocol, and Monero, based on the Cryptonote protocol,” says the report.
“Zcash is more computationally expensive but comes with more rigorous security properties. Of the two, Monero has more vendor support at the time of writing, but still far less than Bitcoin or even Litecoin, and primarily on hidden-service sites merchandising illicit goods. While some anonymity weaknesses have recently been revealed in Monero, we believe that it is not susceptible to the cluster intersection attack.”
So while using programs like uBlock Origin, Adblock Plus, or Ghostery isn’t foolproof, switching to another cryptocurrency is, claim the reporters. Anonymity with these other crypto currencies isn’t just an overlay like it is for Bitcoin, but it’s actually embedded into their very protocol.
Sources for this article include: