Out-Law News 1 min. read
21 Aug 2017, 12:25 pm
Academics at Princeton University in the US looked at the impact of online tracking on the privacy of bitcoin users, who they said "tend to value financial privacy".
The study looked at 130 online retailers that accept payment by the bitcoin and found "at least 53" of the sites "leak payment information to a total of at least 40 third parties, most frequently from shopping cart pages".
The information leaks generally happen when the retailers use web tracking technologies such as cookies and device fingerprinting to gather data "for advertising and analytics purposes", according to the academics' paper.
However, their study also found other examples where there were "far more serious (and likely unintentional) information leaks that directly reveal the exact transaction on the blockchain to dozens of trackers", it said.
According to the academics, some of the information leaked included "transaction-specific" information about a purchase by bitcoin, as well as personally identifiable information about the consumers, such as their name or email address.
The use of "blockchain anonymity techniques" did not always stop the information being leaked and used to expose the "real world identity" of bitcoin users, they said. The academics referred to the leaks as "privacy-breaching data flows", which they said could also happen with cryptocurrencies other than bitcoin.
"Online trackers are able to see sensitive details of payment flows, such as the identities and prices of items added to shopping carts," the academics' report said. "Crucially, in many cases they receive sufficient information about a purchase to link it uniquely to a transaction on the bitcoin blockchain. This core linkage can be expanded in both directions: based on tracking cookies, the transaction can be linked to the user’s activities across the web. And based on well-known bitcoin address clustering techniques, it can be linked to their other bitcoin transactions."
"Our attack highlights the dangers of pervasive web tracking: bitcoin is often used for sensitive activities, making the compromise of bitcoin privacy a far more serious threat than targeted advertising," it said.