1 min read

Cryptocurrency doesn"t guarantee financial privacy, researchers find

Luana PASCU

August 21, 2017

Cryptocurrency doesn"t guarantee financial privacy, researchers find

Popular cryptocurrency Bitcoin has been used for 8 years to make anonymous payments on the web, and is now also accepted by Microsoft, Newegg and Overstock. But the payments are not as below the radar as Bitcoin adepts might think, according to researchers from Princeton University who analyzed 130 merchants who accept Bitcoin.

The group used two attack methods to investigate how third-party web trackers that store user data for advertising and analytics can expose the identity of the users, even though blockchain anonymity techniques such as CoinJoin are deployed. After identifying the transaction, they linked it to the cookie collected and then to the user”s real identity.

“If the user pays using a cryptocurrency, trackers typically possess enough information about the purchase to uniquely identify the transaction on the blockchain, link it to the user”s cookie, and further to the user”s real identity,” the paper reads.

“Our second attack shows that if the tracker is able to link two purchases of the same user to the blockchain in this manner, it can identify the user”s entire cluster of addresses and transactions on the blockchain, even if the user employs blockchain anonymity techniques such as CoinJoin. The attacks are passive and hence can be retroactively applied to past purchases. We discuss several mitigations, but none are perfect.”

Additionally, many merchants leak to third parties users” PII (Personally Identifiable Information) such as name and email address, allowing them to track transactions and activity. Almost all merchants” websites enabled malicious trackers to extract the information with JavaScript.

Key takeaways:

  • 53 websites intentionally leaked payment information
  • 49 websites leaked PII data
  • 43 websites sent some form of non-BTC-denominated cart price data to third parties
  • 28 merchants who accept Bitcoin shared add-to-cart events with third parties
  • 17 websites send the receiving Bitcoin address or BTC-denominated price to a third party

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read