November 25, 2024

Are User Identification Networks the Future of Commercial Bitcoin Transactions?

With 12.3 million bitcoins mined to date, the total value of bitcoins has reached $9.975 billion US dollars. While this may pale in comparison to the $1.23 trillion US dollars in circulation, the use of bitcoins in commerce is gaining traction.  With this traction the potential exists to link users’ identities with their public bitcoin wallet addresses and commercial transaction histories.

Earlier this year Overstock.com announced that it would begin accepting bitcoins as payment for consumer purchases. The company’s announcement makes Overstock.com the first major US online retailer to accept bitcoins, albeit via a third-party payment processor. Prior to this announcement, a patchwork of smaller online vendors and brick-and-mortar stores had already begun accepting bitcoins. Using bitcoins, individuals are now able to order food for delivery, engage in online dating , and purchase everything from babyfood to videogame consoles.

As bitcoins enter the stream of commerce, we should all consider the privacy implications associated with the use of bitcoins in commercial transactions.  Every bitcoin and bitcoin transaction is recorded on a public ledger, commonly referred to a block chain. While each bitcoin and bitcoin wallet address is only identified by a string of characters, anyone with knowledge of a particular bitcoin string or wallet address can trace the entire transaction history of that particular bitcoin or wallet address. In fact, we now have a number of real world examples where bitcoins have been traced their ultimate owner, most famously, the FBI’s identification and arrest of Silk Road’s “Dread Pirate Roberts.”

In the context of privacy and commerce, unique bitcoin address identifiers and unique ad network identifiers share many of the qualities that purport to offer an anonymous user experience. Analytics companies operate by aggregating visitor information across websites, via unique identifiers. Therefore, if an individual visits Company Websites 1, 2, and 3 –assuming each website has a contractual relationship with the analytics company– the analytics company might tag each consumer visit with the same unique ID number. Without the unique ID number, the analytics company might not be able to determine that the same individual visited each of the three websites. In exchange for access to uniquely tag users on a company’s website, an analytics company might offer each website information about their users. In this manner both the analytics company and the websites gain insight about people as they browse the internet.

Using the third-party network example, bitcoins operate both as the unique identifier AND the third-party network. A person’s bitcoin wallet contains a public ledger that allows anyone to identify the exact bitcoins contained in each wallet. As people spend the bitcoins in their wallet, it is possible to view the history of each transaction in real-time. Until recently, the public nature of the block chain has not raised many privacy concerns since the identities of the parties on either side of any given transaction are not publicly known. Thus, while it’s possible to follow the physical money trail, it is substantially more difficult to determine the identity of the money holders.

However, consider a common online purchase of a commercial good using bitcoins: in order to process a transaction and send a good to the buyer, the buyer must pay with a bitcoin from her bitcoin wallet. In most instances the buyer would provide her name and address in order for the good to be delivered.  She might also provide an e-mail address to receive an electronic receipt or confirm acceptance of payment and delivery. To offer a modicum of privacy, the company might provide the buyer with a one-time bitcoin wallet address for her to send her money to. This decreases the likelihood of people discovering all the transactions that take place through the company. However, without a privacy-protecting measure on the buyer’s side, the company is now able, if it so chooses, to associate the buyer’s identity with her bitcoin wallet address.

In isolation, knowing the identity of a buyer and her bitcoin address may not pose significant privacy concerns since a company would still not know the identity of the other sellers that the buyer transacts business with. However, the possibility exists that businesses might create “bitcoin identification networks” modeled after our current third-party ad networks.  Were companies to begin sharing “de-identified,” “non-personally identifiable” bitcoin wallet addresses with each other, they would effectively have access to people’s complete purchase histories.

A few tools exist that may address the consumer-side privacy concerns. Many of those tools require bitcoin holders to deposit their bitcoins into a third-party account for their bitcoins to be traded or “tumbled” for new bitcoins that are disassociated with their wallets and transactions. However, since bitcoin transactions are irreversible, tumbling tools necessarily rely on blind trust that the third-party tumbler will not abscond with their money. It also remains to be seen whether such tools gain broad scale adoption or whether they would even be effective in protecting privacy were a bitcoin identification network actually created. Prior to entering into commercial transactions using bitcoins, buyers might first consider the effectiveness of their existing privacy tools and the impact their transactions may have on disclosing their purchasing histories in the future.

*The views expressed in this article are my own and do not necessarily reflect those of the Federal Trade Commission.

Comments

  1. Paragraph writing is also a excitement, if you be familiar with after that you
    can write or else it is difficult to write.

  2. Carl Mullan says

    This is an excellent article and a big concern for naive consumers. I don’t think the general public is really aware of this digital trail.

  3. I just had this argument with some friends when they wanted to add TPM with Bitcoins and collect users ID information. The main reason why people use bit coins is anonymity, privacy so if you take that away with a third party collecting your users data, then how does that make it safer and your users privacy is gone.
    As to tracking you down thru your transactions we have the new BIP32 Hierarchical Deterministic HD wallets to avoid that, by being able to create sub-wallets in a tree structure so you can create wallets 5-6-255 levels down and then add a new address for every transaction then you can add more needles(transactions) in the Public blockchain so it makes that harder to find your -master-wallet. I am also using Tor to mast the IP address- you miss that in your column – they can tract you down to your IP address and so can steal your computer. Adding Tor to the Bip32 wallet will make this a true safe wallet.
    If you need more help I written a few books on Tor and Bitcoins and currenty building the first BIP32 web wallet that will revolutionize the Alt-currency wallets in the future. Check out the bitcoinwalletnetwork.com or uscyebrlabs.com for more information on any Bitcoin question you have

    • Anonymous says

      “The main reason why people use bit coins is anonymity”

      Is this really a true statement? Because so far everything I have read about Bitcoins would suggest the opposite is true, this article shows HOW the opposite is true, but I have known this as long as I have known about Bitcoins, there is NO ANONYMITY and CAN NOT have anonymity in any system that creates a “public ledger” of ALL transactions. Anyone who has fallen for the idea that using Bitcoins is anonymous obviously hasn’t used any critical thinking skills. “public” means “not private” and that means “not anonymous.” Much the same that if a = b and b = c, then a = c as well, though the technical method to arrive at a = c might be user identification networks, or half a dozen other ways to identify the owner of bitcoin wallet holders that I won’t go into.

      The next step in the chain is of course Bitcoin banks that are “insured” and then you come right back to the same system the U.S. already uses, but in a digital world, and with even less privacy.