Bitcoin-Accepting Merchants’ Cookies Threaten User Anonymity
Researchers at Princeton University have published a paper that highlights the privacy issues of making cryptocurrency payments at online merchants that use browser cookies to collect user data. The paper’s findings suggest that bitcoin users lose much of the digital currency’s anonymity when shopping online. Transactions can be linked to user identities through the very commonplace use of third-party trackers.
Privacy researcher Dillon Reisman and Princeton University academics Steven Goldfeder, Harry Kalodner and Arvind Narayanan demonstrate in their paper titled ‘When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies’ how easy it is to link transactions to users through the use of tracking cookies.
While it is no surprise that merchants use customer data to retarget ads on social media networks such as Facebook or advertising platforms such as GoogleAds, it is somewhat discerning to see how easy it is to link bitcoin transactions to users through the use of standard tracking software and blockchain analysis.
How Cookies Can be Used to Track Bitcoin Transactions
Online merchants use third-party tracking software to monitor how customers act on their platform so that they can better target their advertising towards their customer base. Regular information recorded by the tracking software includes recording method of payment, articles in the shopping articles, how much is being paid for the products but can also include name, email address, and usernames.
Such traffic software affects bitcoin users who would prefer to stay anonymous when shopping online as “many shopping sites leak enough information about your purchase to trackers that they can link it uniquely to the payment transaction on the blockchain. From there, there are well-known ways to further link that transaction to the rest of your bitcoin wallet addresses,” Stever Goldfeder, co-author of the paper, explained in a blog post.
Source: (Reisman et al., 2017)
In the paper, the following example illustrates how straightforward it is to trace user identities through third-party tracking software when they transact with bitcoin, “Consider three websites that happen to have the same embedded tracker. Alice makes purchases and pays with Bitcoin on the first two sites, and logs in on the third. Merchant A leaks a QR code of the transaction’s Bitcoin address to the tracker, merchant B leaks a purchase amount, and merchant C leaks Alice’s Personally Identifiable Information (PII). Such leaks are commonplace today, and usually intentional.”
“The tracker links these three purchases based on Alice’s browser cookie. Further, the tracker obtains enough information to uniquely (or near-uniquely) identify coins on the Bitcoin blockchain that correspond to the two purchases. However, Alice took the precaution of putting her bitcoins through CoinJoin before making purchases. Thus, either transaction individually could not have been traced back to Alice’s wallet, but there is only one wallet that participated in both CoinJoins, and is hence revealed to be Alice’s.”
As the example shows, shopping online using bitcoin is by far not as anonymous as many may think. Given the inherent desire of online merchants to collect as much data as possible on customers and potential customers for marketing and analytics purposes, it turns out that bitcoin transactions can actually be traced in a shockingly easy manner.
Online Merchants Don’t Hold Back When it Comes to Collecting Data
Using the privacy measurement tool OpenWPM, the researchers found that out of the 130 merchant websites included in their sample; 107 sites leaked some kind of transaction information, 49 sites leak personal identifiers such as names and email addresses, 31 sites allowed third-party scripts to access users’ bitcoin wallet addresses, 104 sites shared the non-BTC denominated price of the transaction, and 30 sites shared the bitcoin transaction price.
How to Minimize the Privacy Risk of Shopping Online Using Bitcoin
The mitigation of bitcoin transaction deanonymization in e-commerce can be executed either by merchants or by bitcoin users themselves.
According to the researchers, merchants could mitigate bitcoin transaction privacy issues by:
“(1) enabling HTTPS on all shopping (and especially payment-related) pages — this would protect against network adversaries, but not third-party trackers, our main adversary of interest
(2) generating Bitcoin address QR codes internally instead of outsourcing it to a third party;
(3) avoiding leaks of the Bitcoin address from payment receipt pages;
and (4) avoiding unintentional PII leaks.”
However, online merchants are not really incentivized to protect their customers’ (and potential customers’) identities. They are interested in generating the most revenue possible per customers. Hence, it is unlikely that leading merchants who spend millions on digital advertising will reduce their user tracking activities, unless new privacy laws will be put into place and enforced by lawmakers.
Therefore, it comes down to the individual bitcoin user him or herself to mitigate the risk of deanonymization. To do so, the paper suggests installing leading ad blocking software such as Adblock Plus, uBlock Origin, or Ghostery to block trackers from collecting information on web surfing activities. Furthermore, “on the cryptocurrency side, the main self-defense is to use improved mixing techniques, especially multi-round mixing.” CoinJoin would be an example of a decentralized mixing service that the researchers recommend to improve transaction privacy. Multiple mixing rounds would improve privacy further but would also add transaction costs and inconvenience to the user.
However, even the use of tracking protection as well as the coin-mixing service CoinJoin to minimize tracking does not guarantee full transaction anonymity when shopping online.
Bitcoin’s Anonymity Issues Make a Case For Anonymous Cryptocurrencies
Through the collection of customers’ names, email addresses and bitcoin payment details, real-world identities can be linked to bitcoin wallet addresses. An alarming thought for those in the Bitcoin community who rank payment privacy highly. Even more alarming, perhaps, is the fact that the deanonymization of bitcoin transactions through this method can retroactively be applied to past purchases.
Despite new initiatives aimed at increasing bitcoin transaction anonymity, such as ZeroLink, these new revelations by Princeton researchers make a strong argument for the use of anonymous cryptocurrencies such as Zcash and Monero to keep transaction privacy in place.