Open Bitcoin Privacy Project Ranks Winners and Losers for Wallet Privacy
The Open Bitcoin Privacy Project (OBPP) has released a report on 10 leading Bitcoin wallets, setting standards for privacy that it argues are much needed in the space. The Bitcoin wallets in the report include Coinbase, Blockchain.info, Mycelium, Darkwallet, Airbitz, Armory, Electrum, Bitcoin Wallet and Multibit Classic.
According to the report, Darkwallet is the most privacy-concerned wallet, while Coinbase falls on the other end of the spectrum.
OBPP is a Bitcoin privacy research organization led by prominent figures in the Bitcoin community, including Kristov Atlas, a well-known privacy researcher; software designer Justus Ranvier; engineer Daniel Krawisz at Monetas; technical illustrator Samuel Peterson; and others.
The researchers looked at various aspects of wallet software, including where public addresses are generated, whether clients (such as light wallets) need to ask trusted servers for the balance of their accounts, and whether users are protected from blockchain observers through the use of coin mixers or stealth addresses.
All of the test results added up to three categories of testing: usability, quality and feedback. These three add up to a total privacy score of up to 100 points. All wallet providers were sent a questionnaire and given a chance to review the research results before publication. Almost half of the wallet developers did not respond to the questionnaire.
The three lowest-ranked wallets for privacy: Coinbase, Multibit, Blockchain.info
Coinbase is a leading U.S. Bitcoin company that provides exchange and payment processing services as well as wallet services. Both of its wallets are custodial and keep control over users' private keys, with the exception of Coinbase Vault's support for multi-signature wallets. OBPP focused on the classic version, which keeps full control over its users' private keys. It did not fare well under their tests.
“Because of the custodial nature of Coinbase’s wallet, users are afforded low privacy. Private keys are generated and held server-side, and the service retains detailed information about incoming and outgoing transactions. Customers must undergo a stringent identification process in order to use the service. The wallet generates new Bitcoin addresses for change, but employs few other basic controls to protect privacy on the blockchain,” said the authors of the OBPP report.
The authors also point out that Coinbase can address these privacy weaknesses and remain compliant with anti-money-laundering and know-your-customer rules by discouraging address reuse and providing better feedback to users about actions that will degrade their privacy.
The Coinbase wallet scored only 11 out of 100 possible points for privacy. Only a few points above Coinbase was the Blockchain.info wallet. Blockchain.info is one of the oldest companies in the Bitcoin wallet space and was the first to advocate full user control over private keys, a standard that set the bar for all wallet providers.
As early leaders in the Bitcoin wallet race, their web and mobile wallets quickly became the most widely used, with nearly 3.4 million wallets in existence, according to OBPP.
While Blockchain.info has made efforts toward improving user privacy, including the launch of its CoinJoin bitcoin mixing technology, it has fallen behind by not implementing hierarchical deterministic (HD) wallets. This generally means that users must manually create new addresses for each transaction for maximum privacy and continuously update their backups, instead of new addresses being automatically generated for each transaction from a common seed.
According to the OBPP report, Blockchain.info's web and mobile wallets function so differently that they were analyzed individually; they received scores of 22 and 14 out of 100 respectively, leaving them above only Coinbase in the rankings.
Kristov Atlas told Bitcoin Magazine that "The single biggest differentiator for the spring 2015 rankings was whether the wallet was [hierarchical deterministic]."
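The backup property behind the HD distinction above, as an added illustration that is not code from the report or from any wallet: a constructed, simplified seed-derivation scheme (HMAC-SHA512 over an index, not BIP32) is contrasted with a pre-HD wallet whose every address is an unrelated random key. The `demo1` address format and the `HDWallet`/`RandomKeyWallet` names are assumptions for the demo.

```python
import hashlib
import hmac
import os

# Constructed, simplified stand-in for an HD wallet: one secret seed, and the
# i-th receive key is HMAC-SHA512(seed, i). Real wallets use BIP32 (secp256k1
# keys, chain codes, hardened paths); only the backup property is shown here,
# so the "address" is merely a hash of the key, not a Bitcoin address.

def derive_priv(seed: bytes, index: int) -> bytes:
    """Deterministic child key: the same seed and index always give the same key."""
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()[:32]

def address_of(priv: bytes) -> str:
    """Stand-in for a pay-to-pubkey-hash address (constructed format)."""
    return "demo1" + hashlib.sha256(priv).hexdigest()[:32]

class HDWallet:
    """Fresh address per transaction, all recoverable from the seed alone."""
    def __init__(self, seed: bytes):
        self.seed, self.used = seed, 0
    def fresh_address(self) -> str:
        addr = address_of(derive_priv(self.seed, self.used))
        self.used += 1
        return addr
    def backup(self) -> bytes:
        return self.seed        # one-time backup; never goes stale

class RandomKeyWallet:
    """Pre-HD design: each new address is an independent random key."""
    def __init__(self):
        self.keys = []
    def fresh_address(self) -> str:
        self.keys.append(os.urandom(32))
        return address_of(self.keys[-1])
    def backup(self) -> list:
        return list(self.keys)  # covers only the keys that exist right now

def restore_hd(seed: bytes, count: int) -> list:
    """Rebuild the first `count` addresses from nothing but the seed."""
    return [address_of(derive_priv(seed, i)) for i in range(count)]

def addresses_missing_from_backup(wallet, backup) -> int:
    """How many of the wallet's current addresses a given backup cannot recover."""
    if isinstance(wallet, HDWallet):
        return 0 if backup == wallet.seed else wallet.used
    return sum(1 for k in wallet.keys if k not in backup)
```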
First place: Darkwallet
At the top of the rankings is Darkwallet, a Google Chrome extension wallet. Darkwallet made international headlines over the past two years as an anonymity and anti-surveillance software initiative founded by activists Amir Taaki and Cody Wilson. Its objective is to make Bitcoin finance “go dark.”
The Darkwallet project has been noticeably absent from the media in recent months, but the development build of the wallet put it in the lead for total privacy, with a score of 54.
"Darkwallet is the only wallet we've considered so far which includes automatic CoinJoin mixing and ECDH stealth addresses. Another notable feature in Darkwallet is an automatic P2P network for messaging between users," according to the OBPP report.
Darkwallet is indeed the only major Bitcoin wallet that natively supports stealth addresses (SA) for both recipients and senders. Some wallets, such as Electrum, support sending, but not receiving, SA transactions. Because a stealth-address payment requires support on both the sending and the receiving side, it is essential that other wallets adopt the technology to improve its utility and standardization.
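The sender/recipient split above follows from how an ECDH stealth address works; as an added example (not Darkwallet's code, and a simplified construction rather than the exact scheme it ships), the sender derives a one-time pay-to key from the recipient's published scan and spend public keys, and only the holder of the scan private key can recognise the payment. The curve constants are secp256k1's; the `shared_tweak`, `sender_pay` and `receiver_scan` names are assumptions for the demo.

```python
import hashlib
import os

# secp256k1 parameters (the real Bitcoin curve constants).
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    if A[0] == B[0]:
        if (A[1] + B[1]) % P_MOD == 0: return None
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, P_MOD) % P_MOD
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, P_MOD) % P_MOD
    x = (lam * lam - A[0] - B[0]) % P_MOD
    return (x, (lam * (A[0] - x) - A[1]) % P_MOD)

def ec_mul(k, Pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    R = None
    while k:
        if k & 1: R = ec_add(R, Pt)
        Pt, k = ec_add(Pt, Pt), k >> 1
    return R

def shared_tweak(scalar, point):
    """ECDH secret turned into a scalar: H(x-coordinate of scalar*point) mod n."""
    x = ec_mul(scalar, point)[0]
    return int.from_bytes(hashlib.sha256(x.to_bytes(32, "big")).digest(), "big") % N_ORD

def sender_pay(scan_pub, spend_pub):
    """Sender: fresh ephemeral key e per payment; publishes E and pays one-time key."""
    e = int.from_bytes(os.urandom(32), "big") % N_ORD or 1
    E = ec_mul(e, G)
    pay_to = ec_add(spend_pub, ec_mul(shared_tweak(e, scan_pub), G))
    return E, pay_to   # E goes in the transaction; pay_to is the output key

def receiver_scan(scan_priv, spend_priv, E, pay_to):
    """Receiver: recompute the tweak with the scan key; return the spend key if ours."""
    t = shared_tweak(scan_priv, E)
    if ec_add(ec_mul(spend_priv, G), ec_mul(t, G)) != pay_to:
        return None    # not addressed to this wallet
    return (spend_priv + t) % N_ORD
```

Only the scan private key is needed to detect incoming payments, which is why a wallet can support sending stealth payments without being able to receive them.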
Two of the weaknesses of Darkwallet were its dependence on "Obelisk servers which have the ability to de-anonymize users," coupled with low user activity, which makes it much harder to find others to mix transactions with, particularly with significant amounts of bitcoin.
Since Darkwallet is still in alpha development, future growth of the user base could alleviate the liquidity problems of its mixing process. Nevertheless, the OBPP researchers expressed uncertainty about the future of the project, given that it has not released a stable build yet and no development activity has occurred since February 2015. The Darkwallet developers did not respond to the OBPP questionnaire.
Desktop wallets: Armory, Electrum, Multibit
Taking second place in the overall privacy ranking is Armory, the full-node Bitcoin vault that provides wallet security software for intermediate and advanced Bitcoin users and enterprise customers. Armory is available for Linux, Windows and OSX and is among the more resource-intensive wallets, in part because it is designed to run a full bitcoin node. It had a total privacy score of 54, tying it for first place with Darkwallet.
Armory was praised for supporting hierarchical deterministic (HD) address generation and not reusing addresses by default, as well as supporting Tor connections with minimal configuration.
The researchers suggest that Armory can improve privacy protections for users by supporting a mixing protocol such as CoinJoin, as well as by informing users when they are making choices that compromise their privacy, a common criticism leveled at most of the wallets included in the report.
Electrum was next among the desktop wallets, with a score of 46, tying it for fifth place with the mobile Bitcoin Wallet. It earned that ranking for its support of HD addresses, using a 12-word seed for a one-time backup, as well as its default generation of new addresses per transaction. Most notably, Electrum was praised for being included in the privacy-centric Tails operating system, as well as for its easy compatibility with Tor connections.
Electrum's largest weakness, according to OBPP, was its reliance on a federated network of Electrum servers which connect it to the Bitcoin network. The researchers suggest Electrum could improve its score by adding support for stealth addresses and CoinJoin.
The most private mobile wallets: Mycelium, Bitcoin Wallet, Electrum, AirBitz
Taking third place with a score of 50 was Mycelium, the Android and iOS Bitcoin wallet which regularly earns praise for its privacy features. Mycelium ranked highly for its use of HD wallets and its easy support for Tor connections.
However, it was criticized for relying on the Mycelium servers rather than Bitcoin peers to connect to the Bitcoin network. This weakness, they argue, allows the company to gather information on users. The same weakness was common among most Bitcoin wallets, except those running a full node, such as Armory.
Following Mycelium were Bitcoin Wallet, Electrum and Airbitz, all with scores of 45 or 46 out of 100.
These mid-ranked wallets generally suffered from the same weaknesses: reliance on central servers to connect to the Bitcoin network, no support for stealth addresses, and no graphical user interface warnings informing users about choices that compromise their privacy. Among the four mobile wallets, only Mycelium and Airbitz responded to the questionnaire provided by the OBPP.