Report: Bitcoin Wallet Providers Failing to Make Privacy a Priority

29 February 2016

Bitcoin wallet providers haven’t focused on increasing privacy to promote consumer financial independence and safety over the last year, according to the Open Bitcoin Privacy Project’s (OBPP) second edition survey.

As no provider received a score of more than 50 out of 100, the OBPP suggests privacy work has stagnated within the bitcoin wallet industry and that improvements to these services are greatly needed.

While new bitcoin wallet providers have begun adopting hierarchical deterministic (HD) architecture for advanced security, the OBPP contends that many privacy advances from 2014, including Tor support and stealth addresses, were not incorporated by wallet providers in 2015.

The project wrote in its latest analysis:

“Wallets seem to be mostly in a holding pattern, waiting for their competitors to take the lead on innovating.”

Ranvier told CoinDesk that OBPP’s criteria are designed to “leave room for improvement”, but that he believes the low scores are a reflection of bitcoin wallet providers and their sometimes slow efforts to address privacy bugs and leaks.

Since the first edition of the report, OBPP has increased the number of criteria it looks at when ranking wallets from 38 to 68 and doubled the number of wallets it reviewed from 10 to 20.

The report is a follow-up to its first survey, released in May 2015 with the aim of improving financial privacy within the bitcoin ecosystem. Contributors to the open-source effort include Blockchain security engineer Kristov Atlas and Stash Crypto software designer Justus Ranvier.

Top performers

Bitcoin hardware wallet provider Ledger took the top spot for most privacy-attentive wallet, scoring a 50 out of 100.

The company got high marks for having a variety of smartcard-based hardware wallets, including Ledger Nano. The USB stick wallet stores users’ private keys and, when inserted into a computer and validated with a PIN, allows users to send and receive to multiple accounts.

Ledger’s Chrome extension also outperformed its competitors due to an interface that moves users away from reusing addresses and allows for management of multiple accounts within a single wallet.

The extension lost points, though, for its lack of advanced privacy features, including mixing.

BreadWallet and Airbitz came in second and third, respectively.

BreadWallet received high marks for its use of simplified payment verification (SPV), an option the OBPP lauded for eliminating potential data leaks when transmitting information between other wallet providers and mobile clients.

Likewise, Airbitz was praised as one of the first wallets to provide HD architecture. Further, its transaction broadcasting is done through one or more Obelisk servers, offering more privacy than the single-server models most other wallets use, the report said.

Improvements needed

Darkwallet, which tied for first place last year, was ranked fourth this year with the same 45 out of 100 score. According to the OBPP, the wallet’s offering remains strong, but it cautioned that there has been a lack of development on the release since February 2015.

Darkwallet tied with Armory last year, but Armory’s ranking dropped to 13th this year with a score of 38 out of 100, a move that coincides with rumors about uncertainty regarding that project’s future.

Venture-backed Coinbase, again, ranked last in the survey this year. OBPP explained that the company’s custodianship of customer funds and stringent identification process were two reasons for the low score.

As a regulated entity, Coinbase must comply with know-your-customer (KYC) rules, although OBPP said the company could discourage bitcoin address reuse to enhance privacy without violating those guidelines.

Coinbase recently published a Medium post explaining that it sees itself as more of a retail exchange than a wallet provider.
