Cookies can Easily Link You to Your Bitcoin Purchases

0

If you want to purchase something off the Internet anonymously, Bitcoin is a good choice for that, and the practice has become common nowadays. But while Bitcoin is anonymous, Internet users aren’t and this is why researchers are warning us. Princeton University researchers have proven that linking an anonymous Bitcoin transaction to the actual purchaser is in many cases very simple to do.

As the researchers say, all it takes to link a transaction to a purchaser is to link cookies on a user’s machine to a transaction. They say that the process is so simple that they themselves are surprised how nobody talked about this before.

Privacy researcher Dillon Reisman carried out the research with the help of Princeton’s Arvind Narayanan, Steven Goldfeder, and Harry Kalodner. In the paper, they use a case study subject called Alice to demonstrate just how simple it is to link cookies to Bitcoin (or any other cryptocurrency) transactions.

When we go to websites, cookies are there to allow vendors to identify us and link us to possible past purchase. Even if you use a VPN, it still doesn’t guarantee you that a website won’t know who you are. They work similarly to logging in to accounts – cookies are small bits of data left behind you after you visit a website. When you return to the same address, the crumbs interact with the website and lets it bring back the data it was left after your last visit. It is an invisible process that is automatically logging you in to many websites that you visit.

Cookies help the website owners to figure out statistics about how well the website is performing, as well as helps them to better target you individually.

In the study, researchers have discovered that only a small amount of data needs to be gathered by a website to discover who is behind a specific Bitcoin transaction. What’s even more worrying is that those cookies can still identify the people behind transactions when services such as CoinJoin are used for an added layer of privacy.

CoinJoin is a service that allows people to make anonymous Bitcoin transactions. Bitcoins are held together by a public ledger system called the blockchain. That public ledger holds the entire history of Bitcoin transactions and is what makes Bitcoins incorruptible.

Unfortunately, the exact immutable security provided by the blockchain is what also provides a way to tie people to their transactions. All this is due to all the transactions being registered on the blockchain being completely public. This means that anyone can see the address of the sent Bitcoins and to what address it has been sent to. When those addresses are linked to real-world identities, the transactions reveal who transacted with whom and/or for what.

This is what services like CoinJoin and other Bitcoin mixers (or tumblers) are for – they help people distance themselves from their Bitcoins. They digitally launder the Bitcoins by combining many people’s Bitcoins together and mixing them up before they perform a transaction.

As for CoinJoin, the way it works is by combining several transactions of multiple users into one big transaction. That one transaction sends Bitcoins from their various input addresses to the desired output addresses. Due to the fact that none of the sending addresses directly pay any of the receiving addresses, privacy is gained. Unfortunately, that process – which was previously perceived to provide high levels of anonymity – falls short because of cookies, according to the Princeton paper.

LEAVE A REPLY