Independent researchers at Princeton University have revealed that they can identify the names of users behind Bitcoin transactions.
Researchers at Princeton University have revealed just how simple it might be to reveal the personal identities of individuals taking part in Bitcoin transactions. Utilizing tracking cookies, transactions can be linked to the user’s activities across the rest of the web, revealing their identity.
“Based on tracking cookies, the transaction can be linked to the user’s activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions,” they wrote.
The researchers also discovered that a surprisingly large number of online merchants who accept Bitcoin share information on their customers with third-party companies.
Here is how security site HelpNetSecurity.com breaks down their findings on merchants:
53 of the 130 leak payment information to third parties (mostly intentionally, for advertising and analytics purposes)
17 of the 130 send the receiving Bitcoin address or BTC- denominated price to a third party
43 of the 130 send some form of non-BTC-denominated cart price data to third parties
28 of the 130 shared add-to-cart events with third parties
49 of the 130 leak some form of personally identifiable information (PII) to a total of 137 third parties, and 21 of those third parties also receive transaction-relevant information.
The researchers suggest other cryptocurrency projects for those who are looking for higher levels of security, such as Zcash and Monero as possible alternatives to Bitcoin. “The most well known of these are Zcash, based on the Zerocash protocol, and Monero, based on the Cryptonote protocol. Zcash is more computationally expensive but comes with more rigorous security properties. Of the two, Monero has more vendor support at the time of writing, but still far less than Bitcoin or even Litecoin, and primarily on hidden-service sites merchandising illicit goods. While some anonymity weaknesses have recently been revealed in Monero, we believe that it is not susceptible to the cluster intersection attack,” they wrote.