Almost 8 years after the launch of bitcoin’s network, more and more e-commerce businesses are choosing to add bitcoin, and other cryptocurrencies, as accepted payment options including top merchants such as Microsoft, Overstock and Newegg. Those who choose to pay via bitcoin tend to be overly concerned about their privacy, which is the main reason for choosing bitcoin as their payment method. Nevertheless, e-commerce sites are proven to be rife with various third party trackers, which can undermine the privacy of bitcoin users.
Online trackers are capable of obtaining details of cryptocurrency payment flows, including buyers’ identities and prices of purchased items. Interestingly, they occasionally can obtain enough information about a purchase to successfully link it to a specific bitcoin transaction on the blockchain. This linkage can be expanded in two directions;
- The tracking cookies can be utilized to link the transaction to other online activities of the user.
- Bitcoin address clustering can be utilized to link the transaction to the other transactions executed by the same user
Online Trackers:
Since the advent of the internet, the number of third party trackers, which track and record the activities of users, have skyrocketed. Some of those trackers have an extensive view of users’ activities all over the web. For example, Google has a tracking presence over around 80% of all websites. Tracking techniques have also evolved to become highly sophisticated, which renders it almost impossible to be blocked by today’s tracker blocking tools.
Even though some trackers such as Facebook and Google link their tracking profiles to personal identities disclosed directly by users, most online trackers have no direct link with users. Nevertheless, even such online trackers obtain personal identification data, often accidentally. Various research studies have proven that leakage of personal information from websites to third parties is rampant, and the problem is worse today that it was a few years ago.
Even though most online trackers represent legitimate businesses, they are known to utilize intrusive techniques to track users. These include exploiting HTML5 APIs in device fingerprinting e.g. Audio Context, Canvas and Battery Status; workarounds to manipulate browsers’ privacy options; cross-device tracking and sniffing the content of unsubmitted forms. The security of servers of many online trackers is relatively poor. These servers are usually targeted by malvertising and other forms of attacks.
The problem of online trackers is unlikely to be solved soon. Consider ad retargeting, which is ability to present ads to users from merchandise to which they have shown interest in buying. The farther an online tracker can monitor along the payment flow (e.g. shopping cart, checkout page…etc), the greater the interest signaled.
Information Obtained By Third Parties and Online Trackers:
Users perform various actions on e-commerce sites e.g. logging in, browsing items, adding items to the shopping cart, checking out, adding gift/discount codes and making payments. The more of these actions monitored by a third party, the more feasible an attack is. The information obtained by third parties include:
- Payment timestamp: the third party obtains the timestamp of a payment due to the fact that it is usually embedded on the merchant’s website, especially on the checkout page.
- Payment address: Payment processors, such as Bitpay and Coinbase, will generate a new address for each transaction. Due to the fact that payment addresses are unique, leakage of the payment address enables online trackers to link the user making a purchase to the blockchain transaction.
- Price: Online trackers are capable of monitoring the prices of items browsed by users, items added to the shopping cart and sometimes even the final price after adding taxes and/or shipping fees.
- Personally Identifiable Information (PII): PII refers to any info related to the user’s real life identity or account on the e-commerce website of the merchant including name, username, email address and shipping address. Access of online trackers to PII exacerbates attacks on bitcoin users.
Types of Attacks Facilitated By Online Trackers:
There are two main forms of attacks that can be launched by online trackers, or by attackers who can sniff data obtained by various online trackers.
Attack 1: Single Transaction Linkage:
Throughout this attack, the attacker, or adversary, attempts to link a user, as identified by PII or a website’s cookie, to a transaction on the blockchain. Neither the merchant, nor the payment processor, are adversaries in this attack, due to the fact that they possess enough resources to perform this linkage successfully. Let’s assume that the user protects himself/herself against this possibility via coin mixing using mixing services such as Coinjoin, to unlink the purchase transaction from other transactions and addresses on the blockchain.
If the online tracker can access the payment address, it trivially facilitates linkage, as we mentioned earlier. The more interesting situation is when the online tracker obtains the approximate price of the purchased item and the timestamp of the transaction. As such, the tracker’s task will be to look through the transactions’ log on the blockchain to pinpoint those that fall within the window of uncertainty in terms of the transaction’s value and its timestamp. To quantify the success of the online tracker, the uncertainty of the tracker’s knowledge of the transaction’s value and timestamp, must be modeled:
- Price uncertainty: The uncertainty of the online tracker regarding price usually arises from shipping. If the online tracker obtains the target’s location, e.g. via leakage of PII or IP address, uncertainty can be reduced.
- Uncertainty related to exchange rate: The online tracker usually obtains prices denominated in Fiat currencies, e.g. USD, Euro…etc, rather than in BTC due to the high volatility of the currency. Payment processors use exchange rates broadcast by exchanges, so online trackers can reconstruct exchange rates, of bitcoin or any other cryptocurrency, at any point in the past. Nevertheless, as trades can take place multiple times per second, the exchange rate changes rapidly and thus, uncertainty will almost always remain.
- Payment timestamp uncertainty: This uncertainty emerges due to the gap that exists between the user checking out of the merchant’s website, broadcasting of the transaction by the user’s wallet and the recording of the transaction by the attacker or another node. The attacker may run his/her very own full bitcoin node, or may simply obtain the transaction’s timestamp from services such as blockchain.info. When the online tracker is embedded on the purchase receipt page, latency is markedly reduced.
Attack 2: Cluster Intersection:
Cluster intersection is a complementary attack where the attacker attempts to determine the cluster of addresses that belong to the victim’s cryptocurrency wallet. Wallets are designed to create multiple addresses, yet these addresses can be linked together by means of a number of different heuristics. Coin mixing services, e.g. CoinJoin, are believed to protect against this linkage. Let’s assume that the victim uses a desktop wallet, rather than an online wallet. Also, we will assume that the victim uses VPN, or a proxy, to mask his/her IP address.
In this type of attack, the victim communicates with the attacker multiple times. The attacker could be an online merchant, a payment processor, or an online tracker. Knowing that the attacker might obtain one of his/her addresses, the victim uses coin mixing to prevent the attacker from obtaining the rest of his/her addresses and transactions. As shown in the below figure, after the victim has purchased an item from merchantA.com, the attacker is uncapable of determining which of the three wallet address clusters are owned by the victim. However, after interacting with the same victim on a different site; merchantB.com, the attacker simply determines the intersection of the two groups of address clusters, which leads him/her to a unique address cluster.
Online trackers passively monitor users’ online purchases and are capable of linking them together, via means of cookies and/or device fingerprinting, even if the e-commerce website and payment processor are different throughout every purchase. Accordingly, this attack is complementary to Attack 1, and can take as input two different transactions detected in Attack 1. As such, even if Attack 1 turns out to be imperfect, Attack 2 will be executed successfully. The intersection size steadily declines as a function of the observations’ number, and even if two different observations are not enough to identify the victim’s wallet, several additional observations will likely be enough to identify it.