OBPP has released its second edition of the report, scoring 20 wallets on their privacy features. The top ranking in this report goes to Ledger, which earned a score of 50 out of 100 possible points, based on usability, quality and feedback.
OBPP’s goal is to make financial privacy visible so that users can make informed choices about privacy risks.
Since the first report, not much has changed for wallet providers, the report noted. Newcomers continue to adopt HD architecture to help users avoid address reuse, but the big privacy pushes during 2014 – such as “stealth” addresses and Tor support — declined during 2015. Wallets are largely in a holding pattern, waiting for competitors to take the lead on innovation.
Improvements are needed to keep bitcoin safe and independent. The report encouraged users to let wallet developers know that they care about privacy, and choose wallets that respond to this demand.
The project has made improvements to its privacy analysis in this year’s report. The threat model has evolved to take a more systematic approach, considering the ways that privacy attackers can work, and the countermeasures that wallet providers can employ to protect their users.
The project has nearly doubled the number of criteria considered for each wallet from 38 points to 68. Also, due to the demand for more wallets, this edition has a total of 20 wallet clients, doubled from 10. That’s a 250% increase in the amount of data collected for this report.
All wallets were rated by at least two professionally-unaffiliated volunteers with cross-checking for consensus to mitigate bias.
Along with information from wallet providers, the ratings represent the accumulation of more than 2,000 data points.
All proceeds from the project go toward the costs of producing the reports and future bitcoin privacy projects.
Privacy scores were based on privacy from blockchain observers, privacy from network observers, transaction participants, physical adversaries, and wallet providers.
The project subjected each wallet to privacy tests with variable weights representing the relative importance of each measure. The result for each test was converted to a numeric score between 1 and 100 and multiplied by the weighting factor. The criteria were designed so that a higher score is always better than a lower one. By adding up the individually-weighted test scores, an overall wallet privacy score is calculated with a maximum possible score of 100 points.
More information about the methodology is available in the GitHub repositoryhttps://github.com/OpenBitcoinPrivacyProject/wallet-ratings
Ratings are as follows:
1) Ledger 50
2) Breadwallet 49
3) Airbitz 47
4) Darkwallet 45
5) ArcBit 45
6) Samourai 43
7) Bitcoin-QT 43
8) Trezor 42
9) LUXSTACK 42
10) Bitcoin Wallet 42
11) MultiBit HD 40
12) GreenAddress 39
13) Armory 38
14) Copay 37
15) Mycelium 33
16) Electrum 33
17) Blockchain 30
18) BitGo 27
19) Hive 19
20) Coinbase 18
Following are excerpts from the individual wallet reviews:
Ledger provides a variety of smartcard-based hardware wallets that store private keys and have integrated into some competing bitcoin wallets, as well as Ledger’s browser extension-based wallet. The project reviewed the 1.4.0 browser and 1.1.0 firmware.
Breadwallet is an iOS wallet offering a simplified user interface providing basic functionality for sending and receiving funds. The simplified payment verification architecture allows it to obtain balance information directly from nodes in the bitcoin network.
Airbitz features sending and receiving functionality, the ability to record transaction details, and a bitcoin merchant directory that allows users to search for bitcoin-accepting businesses. It was one of the first mobile wallets to use an HD architecture, which allows it to easily protect user privacy by automatically creating new addresses for receipt of funds and change.
Darkwallet’s code base has not changed since the last review, but its ranking decline from first to fourth due to updates to the project’s threat model rather than a surge in competitors’ progress. Darkwallet remains one of two graphical wallets with CoinJoin support and one of a few with ECDHM address support.
ArcBit is a newer contender on the iOS platform which emphasizes a streamlined interface and a novel privacy protection: ECDHM addresses. Adoption of ECDHM addresses has been slow among wallet clients outside Darkwallet, but ArcBit has tried to reinvigorate the technology with a rebranding called “forwarding addresses.” The addresses help users avoid address reuse and ensure the sharing of addresses on social networks safe for the first time.
Samourai is a privacy-centric wallet that launched in a closed source alpha release in 2015. During its early versions, it introduced a series of novel privacy features such as BIP-69 fingerprinting, countermeasures, warnings to users about accidental address reuse, and remote wallet wiping via SMS in case of a stolen device.
Bitcoin-Qt is one of two full node clients with a graphical interface. Full nodes have a strong network of privacy protections from downloading a local copy of the blockchain, avoiding the need to query other parties about specific addresses. The official Bitcoin-Qt client has few privacy protections to provide compared to other wallet clients.
Trezor has integrated a variety of wallet software products. A purchaser of the Trezor hardware wallet can select to link the device with clients like Multibit HD, Mycelium and Electrum, and the user’s privacy will be based on the integrated client rather than the Trezor device. The network architecture between the web wallet and the servers it gathers information from causes users to leak information from their wallet over the network when balances are queried or transactions are broadcast.
LUXSTACK, launched in the last year, has an interface that features basic functionality for sending and receiving funds. It utilizes a single-count HD wallet structure to help avoid address reuse.
Bitcoin Wallet, one of the first wallet clients made available for the Android platform, is one of a few mobile wallets supporting the Simplified Payment Verification (SPV) architecture, using the BitcoinJ library. SPV wallets can connect directly to bitcoin nodes to obtain balance information and broadcast transactions rather than relying on a trusted third-party server, as do the majority of mobile wallets.
MultiBit HD, as the name implies, is the new version of MultiBit Classic and uses a hierarchical, deterministic architecture that helps users avoid address reuse and backs up their wallet quickly. It follows an SPV architecture through the use of the BitcoinJ library. It has one unique privacy quirk: by default, one of every several transactions will include a small donation to the Multibit developers.
GreenAddress takes custody over one of the two private keys needed to move users’ multi-signature funds, which allows GreenAddress users to set various security controls like daily spending limits or requiring a second-factor authentication before sending funds. As long as GreenAddress refuses to sign transactions that try to spend the same customer funds twice, they can also use this mechanism to prevent double spends. A quirk of the Chrome plugin user interface is that, in order for a user to generate a new receiving address, he must click on a different category in the menu like “Transactions” and then click back to the “Receiving Money” section.
Armory utilizes Bitcoin Core (bitcoind) to connect to the bitcoin network. Hence, users enjoy the privacy benefits of using a full node. The software is compatible with deterministic address generation and does not reuse addresses by default. Transactions broadcast through Bitcoin Core can be routed through Tor with minor configuration in order to bolster network privacy, although users will need to engage in some setup steps first.
Copay is a multi-signature wallet produced by BitPay. The multi-signature technology allows multiple users to have partial control over the same funds on different devices. The main privacy defense Copay utilizes is its HD address architecture, which helps avoid address reuse. Because of the use of P2SH-style multi-signature addresses, the number of cosigners involved in each transaction is recorded in the blockchain and all cosigners can track each other’s activity with respect to the shared wallet.
Mycelium, a wallet client on the Android platform, uses an HD architecture based on BIP-44, which helps users avoid address reuse and segregate their funds into separate accounts. Managing multiple accounts lets a user keep funds separate for different online identities. It establishes spending and savings accounts, and more. The Mycelium Android client also features a built-in, peer-to-peer system called Local Trader that helps users exchange between fiat currencies and bitcoin, similar to LocalBitcoins.com.
Electrum is a cross-platform, lightweight desktop wallet that uses a deterministic seed to generate all keys, backed up by a 12-word string. Rather than downloading the entire blockchain, the client connects to federated Electrum servers for balance and transaction data. The connections can easily be made through Tor. Electrum is the only bitcoin wallet to be included by default with the privacy-focused Linux distro Tails. It also supports two-factor authentication and provides compatibility with hardware wallets like Trezor and Ledger.
Blockchain has been developing a revamped version of its long-standing web and mobile wallet apps. As these products are in a pre-production stage at this report, the project assessed the web wallet in production, which is largely unchanged since the first report. Blockchain’s SharedCoin feature, exclusive to the web wallet, helps users defend their privacy against attackers using clustering analysis on the blockchain.
BitGo’s current product line emphasizes the use of multi-signature addresses to improve security for users. This approach to wallet security is suited for corporate users and allows a tiered hierarchy when checking the balance of and sending an organization’s funds. Looking at the web wallet, its privacy was comparable to other web wallets. A key difference is that BitGo requires an email address for registration. Users cannot determine the degree to which BitGo’s servers tie the email address to the funds.
Hive is a cross-platform wallet available on the Mac, web and mobile devices. The assessment focused on the OSX version of the app. The Hive OSX client is the only client the project found that lacks a fundamental privacy control; the ability to generate more than one bitcoin address in a wallet. Users cannot escape a pattern of address reuse; they are subject to trivial blockchain analysis attacks.
Coinbase’s wallet can be subdivided into two parts: a classic version and Coinbase Vault. Coinbase acts as a custodian of private keys for both versions, with the exception that Coinbase Vault allows users to retain some of the signing keys needed for a transaction. The report focused on the classic version of the wallet functionality. Because of the custodial nature of the wallet, users are afforded low privacy. Private keys are generated and held serverside, and the service retains detailed information about incoming and outgoing transactions. Customers must undergo a stringent identification process to use the service.
Images from Shutterstock and OBPP.
Last modified: July 13, 2020 3:17 AM UTC