Research out of Princeton University has shown how Bitcoin transactions with online merchants who accept the digital currency can be linked to a user’s cookies with ease, essentially erasing the supposedly anonymous nature of it.
The paper sees privacy researcher Dillon Reisman and Princeton’s Steven Goldfeder, Harry Kalodner and Arvind Narayanan demonstrate just how straightforward it can be to link cookies to cryptocurrency transactions.
It is through third-party leaks that this information gets spread and the user’s identity can be found. And it is only a small amount of information that needs to be leaked for a Bitcoin spender to be tied to their purchases.
Of 130 online merchants that accept Bitcoin, the researchers say, 53 leak payment information to 40 third parties. It is the shopping cart pages that are primarily to blame for the spreading of this information.
A lot of these leaks are also, of course, on purpose, such as for advertising and analytics.
Not just an identity
The research also showed that the leaks are often more damaging, and probably unintentional, as they can directly reveal the exact transaction on the Blockchain to dozens of trackers.
Of the 130 sites the researchers checked, in total, 107 sites leaked some kind of transaction information, 31 allowed third-party scripts to access users’ Bitcoin addresses, 104 shared the non-BTC denominated price of a transaction and 30 shared the transaction price in Bitcoin.