Potential privacy problems for companies accepting Bitcoins

Businesses accepting Bitcoin payments might want to consider the privacy implications that such an option creates for its customers and for themselves.

As you may or may not now, in order to received Bitcoins, you need a Bitcoin address – a unique identifier consisting of a string of 27-34 alphanumeric characters.

While this ID is meant to anonymize Bitcoin users and the transactions they perform, the problem arises with the fact that every transaction is validated and distributed in real-time through the peer-to-peer Bitcoin network, and a public ledger recording all transactions is easily accessible and searchable (for example here).

So, if you know a company’s address – and you can easily find that out by making a payment to them – you can trace all other payments made to it and (in theory) discover what they were for, and thusly, discover something about their finances, supply chain, and more.

Christian Dumontet, a co-founder of online restaurant ordering service Foodler that has started accepting Bitcoin payments a few months ago, explained to Wired that this type of investigation might be difficult, but it is possible to receive satisfactory results – despite the fact that most merchants that accept Bitcoin payments use a new deposit address for each sale.

The thing is that they usually bundle these deposits together to make their own payments, and if a payer tracks his own transaction, he can also analyze the rest of the transactions that got bundled with his and glean something from them.

According to Dumontet, Foodler has created a piece of software that aims to obscure (at least partly) the company’s “Bitcoin trail” by dividing the daily balance into random amounts and lengths of the chain and mixing them up repeatedly.

Paying services with Bitcoin is far from being main stream, and the companies that accept such payments are still rare, so this type of “attack” on the company’s privacy and that of their users is still not that imminent a threat.

Nevertheless, it’s only a matter of time until data-mining tools that will rifle through this publicly accessible information are created, Murray Jennex, an associate professor in information systems at San Diego State University, pointed out for PC World.

If the data proves to be valuable for marketing purposes or any other profitable venture, you can be sure that many will engage in mining it. And companies accepting Bitcoin payments will be forced to think up and enforce new ways to mask the transactions both for their sakes and that of its customers.

Don't miss