How private is your bitcoin wallet? The Open Bitcoin Privacy Project (OBPP), a global, not-for-profit organisation devoted to improving financial privacy in the bitcoin ecosystem, attempts to offer some guidance with its Bitcoin Privacy Rating Report.
OBPP has released its second edition of the report, scoring 20 wallets on their privacy features. The top ranking in this report goes to Ledger, which earned a score of 50 out of 100 possible points, based on usability, quality and feedback.
OBPP’s goal is to make financial privacy visible so that users can make informed choices about privacy risks.
Change Comes Slowly
Since the first report, not much has changed for wallet providers, the report noted. Newcomers continue to adopt HD architecture to help users avoid address reuse, but the large privacy pushes during 2014, such as “stealth” addresses and Tor support, declined during 2015. Wallets are largely in a holding pattern, waiting for competitors to take the lead on innovation.
Improvements are needed to keep bitcoin safe and independent. The report encouraged users to let wallet developers know that they care about privacy, and to choose wallets that respond to this demand.
The project has made improvements to its privacy analysis in this year’s report. The threat model has evolved to take a more systematic approach, considering the ways that privacy attackers can work, and the countermeasures that wallet providers can employ to protect their users.
More Criteria Used
The project has nearly doubled the number of criteria considered for each wallet from 38 points to 68. Also, due to the demand for more wallets, this edition has a total of 20 wallet clients, doubled from 10. That’s a 250% increase in the amount of data collected for this report.
All wallets were rated by at least two professionally-unaffiliated volunteers with cross-checking for consensus to mitigate bias.
Along with information from wallet providers, the ratings represent the accumulation of more than 2,000 data points.
All proceeds from the project go toward the costs of producing the reports and future bitcoin privacy projects.
Privacy scores were based on privacy from blockchain observers, privacy from network observers, transaction participants, physical adversaries, and wallet providers.
The project subjected each wallet to privacy tests with variable weights representing the relative importance of each measure. The result for each test was converted to a numeric score between 1 and 100 and multiplied by the weighting factor. The criteria were designed so that a higher score is always better than a lower one. By adding up the individually-weighted test scores, an overall wallet privacy score is calculated with a maximum possible score of 100 points.
More information about the methodology is available in the GitHub repository https://github.com/OpenBitcoinPrivacyProject/wallet-ratings
Rankings Listed
Ratings are as follows:
1) Ledger 50
2) Breadwallet 49
3) Airbitz 47
4) Darkwallet 45
5) ArcBit 45
6) Samourai 43
7) Bitcoin-Qt 43
8) Trezor 42
9) LUXSTACK 42
10) Bitcoin Wallet 42
11) MultiBit HD 40
12) GreenAddress 39
13) Armory 38
14) Copay 37
15) Mycelium 33
16) Electrum 33
17) Blockchain 30
18) BitGo 27
19) Hive 19
20) Coinbase 18
Following are excerpts from the individual wallet reviews:
Ledger provides a variety of smartcard-based hardware wallets that store private keys and have integrated into some competing bitcoin wallets, as well as Ledger’s browser extension-based wallet. The project reviewed the 1.4.0 browser and 1.1.0 firmware.
Breadwallet is an iOS wallet offering a simplified user interface providing basic functionality for sending and receiving funds. The simplified payment verification architecture allows it to obtain balance information directly from nodes in the bitcoin network.
Airbitz features sending and receiving functionality, the ability to record transaction details, and a bitcoin merchant directory that allows users to search for bitcoin-accepting businesses. It was one of the first mobile wallets to use an HD architecture, which allows it to easily protect user privacy by automatically creating new addresses for receipt of funds and change.
Darkwallet’s code base has not changed since the last review, but its ranking declined from first to fourth due to updates to the project’s threat model rather than a surge in competitors’ progress. Darkwallet remains one of two graphical wallets with CoinJoin support and one of a few with ECDHM address support.
ArcBit is a newer contender on the iOS platform which emphasizes a streamlined interface and a new privacy protection: ECDHM addresses. Adoption of ECDHM addresses has been slow among wallet clients outside Darkwallet, but ArcBit has tried to reinvigorate the technology with a rebranding called “forwarding addresses.” The addresses help users avoid address reuse and make the sharing of addresses on social networks safe for the first time.
Samourai is a privacy-centric wallet that launched in a closed source alpha release in 2015. During its early versions, it introduced a series of new privacy features such as BIP-69 fingerprinting countermeasures, warnings to users about accidental address reuse, and remote wallet wiping via SMS in case of a stolen device.
Bitcoin-Qt is one of two full node clients with a graphical interface. Full nodes have strong network privacy protections from downloading a local copy of the blockchain, avoiding the need to query other parties about specific addresses. The official Bitcoin-Qt client has few privacy protections to offer compared to other wallet clients.
Trezor has integrated a variety of wallet software products. A purchaser of the Trezor hardware wallet can choose to link the device with clients like MultiBit HD, Mycelium and Electrum, and the user’s privacy will be based on the integrated client rather than the Trezor device. The network architecture between the web wallet and the servers it gathers information from causes users to leak information from their wallet over the network when balances are queried or transactions are broadcast.
LUXSTACK, launched in the last year, has an interface that features basic functionality for sending and receiving funds. It utilizes a single-account HD wallet structure to help avoid address reuse.
Bitcoin Wallet, one of the first wallet clients made available for the Android platform, is one of a few mobile wallets supporting the Simplified Payment Verification (SPV) architecture, using the BitcoinJ library. SPV wallets can connect directly to bitcoin nodes to obtain balance information and broadcast transactions rather than relying on a trusted third-party server, as do the majority of mobile wallets.
MultiBit HD, as the name implies, is the new version of MultiBit Classic and uses a hierarchical, deterministic architecture that helps users avoid address reuse and back up their wallet quickly. It follows an SPV architecture through the use of the BitcoinJ library. It has one unique privacy quirk: by default, one of every several transactions will include a small donation to the MultiBit developers.
GreenAddress takes custody over one of the two private keys needed to move users’ multi-signature funds, which allows GreenAddress users to set up various security controls like daily spending limits or requiring a second-factor authentication before sending funds. As long as GreenAddress refuses to sign transactions that attempt to spend the same customer funds twice, they can also use this mechanism to prevent double spends. A quirk of the Chrome plugin user interface is that, in order for a user to generate a new receiving address, he must click on a different category in the menu like “Transactions” and then click back to the “Receiving Money” section.
Armory utilizes Bitcoin Core (bitcoind) to connect to the bitcoin network. Hence, users enjoy the privacy benefits of using a full node. The software is compatible with deterministic address generation and does not reuse addresses by default. Transactions broadcast through Bitcoin Core can be routed through Tor with minor configuration in order to bolster network privacy, although users will need to engage in some setup steps first.
Copay is a multi-signature wallet produced by BitPay. The multi-signature technology allows multiple users to have partial control over the same funds on different devices. The main privacy defense Copay utilizes is its HD address architecture, which helps avoid address reuse. Because of the use of P2SH-style multi-signature addresses, the number of cosigners involved in each transaction is recorded in the blockchain and all cosigners can track each other’s activity with respect to the shared wallet.
Mycelium, a wallet client on the Android platform, uses an HD architecture based on BIP-44, which helps users avoid address reuse and segregate their funds into separate accounts. Managing multiple accounts lets a user keep funds separate for different online identities. It establishes spending and savings accounts, and more. The Mycelium Android client also features a built-in, peer-to-peer system called Local Trader that helps users exchange between fiat currencies and bitcoin, similar to LocalBitcoins.com.
Electrum is a cross-platform, lightweight desktop wallet that uses a deterministic seed to generate all keys, backed up by a 12-word string. Rather than downloading the entire blockchain, the client connects to federated Electrum servers for balance and transaction data. The connections can easily be made through Tor. Electrum is the only bitcoin wallet to be included by default with the privacy-focused Linux distro Tails. It also supports two-factor authentication and provides compatibility with hardware wallets like Trezor and Ledger.
Blockchain has been developing a revamped version of its long-standing web and mobile wallet apps. As these products are in a pre-production stage as of this report, the project assessed the web wallet in production, which is largely unchanged since the first report. Blockchain’s SharedCoin feature, exclusive to the web wallet, helps users defend their privacy against attackers using clustering analysis on the blockchain.
BitGo’s current product line emphasizes the use of multi-signature addresses to improve security for users. This approach to wallet security is suited for corporate users and allows a tiered hierarchy when checking the balance of and sending an organization’s funds. Looking at the web wallet, its privacy was comparable to other web wallets. A key difference is that BitGo requires an e-mail address for registration. Users cannot determine the degree to which BitGo’s servers tie the e-mail address to the funds.
Hive is a cross-platform wallet available on the Mac, web and mobile devices. The assessment focused on the OSX version of the app. The Hive OSX client is the only client the project found that lacks a fundamental privacy control: the ability to generate more than one bitcoin address in a wallet. Users cannot escape a pattern of address reuse; they are subject to trivial blockchain analysis attacks.
Coinbase’s wallet can be subdivided into two parts: a classic version and Coinbase Vault. Coinbase acts as a custodian of private keys for both versions, with the exception that Coinbase Vault allows users to retain some of the signing keys needed for a transaction. The report focused on the classic version of the wallet functionality. Because of the custodial nature of the wallet, users are afforded low privacy. Private keys are generated and held server-side, and the service retains detailed information about incoming and outgoing transactions. Customers must undergo a stringent identification process to use the service.
Images from Shutterstock and OBPP.
