When the user’s local terminal data (cookies) encounters a block chain


nnnAdventure: The encrypted currency is portrayed as an even more anonymous and less traceable means of payment than a credit card. But when you really use Bitcoin or other encrypted currency for online shopping or as a means of payment, your privacy can get what degree of protection? Recently published a new paper on the block chain to reveal the possible disclosure of privacy. This paper elaborates the possibility of this kind of privacy disclosure based on the combination of the third party tracking system of multiple websites and the block chain.n
nnTranslation: Clovern
nThe encrypted currency is portrayed as a more anonymous and less traceable means of payment than a credit card. So how much privacy would you have if you were using Bitcoin or other encrypted currency to shop online or to pay for it? In a new paper, we reveal that you have very little privacy.n
nWeb sites, including shopping sites, usually have dozens of third-party tracking systems per site. These third parties will track the details of the sensitivity of the payment flow, such as the goods you add to the cart and its price, no matter what form of payment you choose. Crucially, we found that many shopping sites would reveal sufficient buying information to the tracking system enough to enable these tracking systems to be uniquely associated with payment transactions on the chain. In the chain chain, you can through a lot of familiar ways to further the transaction with your other bit currency wallet address associated. You can use Adblock Plus and uBlock Origin such as browser extensions, as well as coin technology (CoinJoin) such as bit coin anonymous technology to protect themselves. Although these measures may be helpful, we find that this association is still possible.n
nAttack the full range of instructions. Think of three sites that have exactly the same built-in tracking system. Alice buys on the first two sites and uses Bitcoin to pay for it and then logs on on the third site. Merchant A leaks the two-dimensional code of the bit-address of the transaction to the tracking system, the merchant B leaks the purchase amount, and the merchant C leaks Alice’s personally identifiable information (PII). Today, this level of information disclosure is very common, and often also intentionally. The tracking system correlates three purchases based on the data (cookies) stored on the user’s local terminal by the Alice browser. In addition, the tracking system also obtains sufficient information to uniquely (or uniquely) identify the currency corresponding to the two purchases on the bitcoin block chain. However, Alice took some precautionary measures to deposit Bitcoels into the wallet through CoinJoin before making the purchase. As a result, each transaction can not be traced back to Alice’s wallet, but only one wallet is involved in CoinJoin twice, so it’s Alice’s wallet.n
nUsing the privacy measurement tool OpenWPM, we analyzed 130 e-commerce sites that received Bitcoin payments and found that 53 of the sites would reveal transaction details to the tracking system. Many (but not all) information leaks are intentional for advertising and analysis. In addition, 49 sites reveal personal identifiers to the tracking system: name, email, username, and so on. This combination means that the tracking system can associate the identity of the real world with the address of the bitcoin. It is clear that all the leaked data is stored in dozens of tracking company log records, and can use the past procurement data for retrospective relevance.n
nIn a group of these sites, we made a real purchase for the first time using a coin of CoinJoin anonymous technology “combination”. [1] We found a tracking system that observes our two purchase deals (which are also very common) to be able to identify our bit currency wallet in 80% of the time. We will introduce all the details of the attack in the paper, as well as a comprehensive analysis of its effectiveness.n
nOur findings remind us that there may be unexpected information disclosure in the absence of a documented privacy attribute, as well as potential violations of privacy. When multiple such systems interact, this information disclosure may be less noticeable. The anonymity problem in encrypted money seems to be particularly tricky because it inherits data anonymity (sensitive data must be publicly stored on the block chain) and anonymous communications (privacy depends on the behavior of users and applications that are not obvious Interaction) of the worst case.n
n[1] In this experiment, we carried out 1-2 rounds of mixing. We also provide proof in the paper that although the higher mixing depth reduces the effectiveness of the attack, but did not overcome this attack. There is still a need for closer consideration of trade-offs.n

Leave a Reply

Your email address will not be published. Required fields are marked *