According to recent research from Princeton University, websites that accept Bitcoin transactions are increasingly susceptible to security breaches.
What Is Bitcoin?
As you may or may not know, Bitcoin is a predominantly digital currency that can be used to pay for various goods or services. Special wallets or online service software are needed to enable users to trade. The Bitcoin payment network has no central authority and is essentially ‘cash’ for the internet. Just like goods, the price of a Bitcoin is decided through supply and demand. .
Application Whitelisting
Application whitelisting is a technology that helps to prevent malware or viruses from penetrating a computer network. It involves the system administrator only granting permissions for certain ‘whitelisted’ applications to run on the server. It is seen as more secure than blacklisting, as it means that there can’t already be hidden malware on the computers before they are first used (something that would not be prevented by blacklisting).
So why are websites that accept Bitcoin vulnerable to security risks? Well, despite the Bitcoin user being anonymous, the research paper pointed out that the user’s cookies can easily be linked to their cryptocurrency transactions. Cookies are able to store a myriad of information about the user – for example, their preferences, which browser they use, their location and sometimes more. This can potentially lead to the user’s identity being revealed. The report says that only a small amount of the transaction’s information needs to leak for it to be linked to an individual user. It is possible to infer the user’s identity even if they use specific privacy-protection services.
The research showed that of the 130 online merchants that currently accept Bitcoin, over a third (53) leak some payment information to third parties. This is most commonly the information that is entered on ‘shopping cart’ pages and is often done intentionally (e.g. for advertising or analytics).
Bitcoin users do not have much protection against this, the paper says, and the authors believe that the merchants themselves should take more responsibility for the privacy of their customers. However, as many of the leaks are intentional, perhaps this is unlikely.