Ledger receives top mark in 2nd Open Bitcoin Privacy Project report

Open Bitcoin Privacy Project logo

The Open Bitcoin Privacy Project (OBPP) – an open-source, global organization whose mandate is to improve financial privacy within the Bitcoin ecosystem – has released its second report rating Bitcoin wallets.

In the new report, OBPP assesses 20 wallets, double the amount of wallets examined in its inaugural report. Each wallet was subjected to 68 privacy tests with variable weights representing the relative importance of each measure. The result of each test was converted to a raw numeric score between 0 and 100 and multiplied by the test’s weighting factor. Each wallet was assessed in five categories: privacy from blockchain observers, privacy from network observers, privacy from transaction participants, privacy from physical adversaries and privacy from wallet providers.

Ledger ranked first in overall wallet privacy, with a score of 50 out of 100. For its analysis, OBPP focused on the Ledger Nano, which is a USB stick that can be inserted into a desktop computer. The organization says that while Ledger’s Chrome extension does not support advanced privacy features such as mixing or maintaining a local copy of the blockchain, it found that Ledger outperformed its competitors in handing privacy basics.

“The Chrome extension’s interface is designed to help users avoid address reuse, and provides excellent support for managing accounts within a single wallet,” says OBPP in its report. “Multiple account support is growing increasingly important as users’ interact with the world using Bitcoin while assuming many online identities.”

Rounding out the rankings in overall wallet privacy are:

(2) Breadwallet: A popular iOS wallet, Breadwallet uses a Simplified Payment Verification architecture that allows it to attain balance information directly from nodes in the Bitcoin network. “By accessing the Bitcoin network directly, this avoids leaking some of the information commonly transmitted from mobile clients to wallet providers,” notes the report.

(3) Airbitz: Airbitz was one of the first mobile wallets to use an HD architecture, allowing it to easily protect user privacy by automatically generating new addresses for receipt of funds and change, as well as allowing more advanced support for multiple accounts than many of its competitors. However, says the report, Airbitz needs additional controls to thoroughly protect blockchain privacy, such as mixing funds.

(4) Darkwallet: Although its code base has not been touched since OBPP’s previous review, its decline from first to fourth in the ranking was caused mainly by updates to the organization’s threat model. “To date, Darkwallet is still one of only two graphical wallets with CoinJoin support, and one of a handful with ECDHM address support,” says the report. “Darkwallet enables both CoinJoin and ECDHM addresses by default. However, disuse has reduced the available number of Darkwallet partners for CoinJoin transactions, yielding very limited use at present. After a short timeout period, if no other users are available to mix with, the transaction will proceed without the use of CoinJoin.”

(5) ArcBit: The report states: “While adoption of ECDHM addresses has been slow among wallet clients outside of Darkwallet, ArcBit has attempted to reinvigorate the technology with a rebranding they call ‘forwarding addresses.’ Such addresses help users avoid address reuse, and make the sharing of addresses on social networks safe for the first time. A prominent weakness for ArcBit and many other mobile wallets is protecting users from network observers. While forwarding addresses help protect user privacy on the blockchain, their computationally intensive architecture requires ArcBit users to entrust their privacy to trusted servers, which help to track payments on behalf of the iOS wallet client.”

(6) Samourai: During its early alpha versions, Samourai introduced several novel privacy features, including BIP-69 fingerprinting countermeasures. The company has promised more privacy features in future versions, such as BIP-47 reusable payment codes. Samourai developers have also pledged to publish their code for security by other developers and users. “The wallet is off to a stronger start in 2015, and threatens to usurp Darkwallet for the spotlight in 2015 as the defacto choice for privacy-minded users,” says the report.

(7) Bitcoin-Qt: The original Bitcoin wallet, Bitcoin-Qt is the one of two full node clients with a graphical interface. “Full nodes have strong network privacy protections by virtue of downloading a local copy of the blockchain, avoiding the need to make queries to other parties about specific address. Aside from this strength, the official Bitcoin-Qt has few privacy protections,” says the report.

(8) Trezor: A plain and simple web wallet, Trezor’s interface steers users away from address reuse and offers excellent multi-account support. However, as the report notes, the primitive network architecture between the web wallet the services from which it gathers information causes users to leak information about their wallet over the network when balances are queried or transactions are broadcast.

(9) LUXSTACK: This wallet sits right in the middle of its competitors with respect to privacy. Its interface includes basic functionality for sending and receiving funds, and uses a single-account HD wallet structure to help avoid address use.

(10) Bitcoin Wallet: One of only a few mobile wallets supporting a Simplified Payment Verification (SVP) architecture, Bitcoin Wallet faces an unresolved problem of network privacy. It does not support multiple accounts for users; instead it recommends that users undergo a laborious process of setting up multiple Android user accounts and switching between them as needed.

(11) Multibit HD: Suffering from the same network privacy challenges as other SPV wallets, Multibit HD has a unique privacy quirk. By default, one out of every several transactions will include a small donation out to the wallet’s developers. “While this is a clever business model, it does betray to passive blockchain observers which client was used to author the transactions. This can be disabled by making a more sizeable donation to the development team,” the report says. Multibit shut down on July 26, 2017.

(12) GreenAddress: The report states “Prevention of double spending is the origin for the name of this service: a trustworthy address is considered ‘green’ for acceptance without confirmations, assuming you trust the company not to allow double-spends. One quirk of the Chrome plugin user interface is that, in order for a user to generate a new receiving address, he must click on a different category in the menu, such as ‘Transactions,’ and then click back to the ‘Receive Money’ section. This may lead users to accidentally reuse addresses if receiving multiple transactions in a row, of if they leave the application open in between use.”

(13) Amory: A security-focused desktop wallet geared toward intermediate and advanced Bitcoin users, Amory uses Bitcoin Core (bitcoinid) to connect to the Bitcoin network, allowing users to enjoy the network privacy benefits of using a full note. The report stats Armory can improve privacy protections for users on the blockchain by supporting a mixing protocol such as CoinJoin and more careful handling of change outputs.

(14) Copay: Produced by BitPay, Copay uses an HD address architecture to help avoid address reuse. OBPP says some privacy defenses missing from Copay, but commonly present in other wallets, include BIP-62 to avoid client fingerprinting, avoiding the querying of balance information from separate accounts in the same request, protecting physical access to wallet data through a PIN, and allowing users to review their telemetry data before it is sent to the company.

(15) Mycelium: This popular Android wallet uses an HD architecture based on BIP-44, which helps users avoid address reuse and segregate their funds into separate accounts. OBPP says that since its latest report, Mycelium has not changed much in terms of privacy and it has lagged somewhat behind its competitors. The organization says Mycelium is rumored to be working on a CoinShuffle implementation, which would be an industry first and could significantly decrease the amount of information leaked to the blockchain regarding users’ finances.

(16) Electrum: This is the first wallet to implement BIP-69 in version 2.3.2 as a countermeasure against passive blockchain observers trying to identify Electrum transactions on the blockchain. The report says because the Electrum client connects to servers for data, users give up privacy and must rely on trust in the blockchain information received. Electrum could improve by implementing features such as mixing support, as well as provide more detailed warnings to users before privacy violations occur

(17) Blockhain: The SharedCoin feature exclusive to the web wallet helps users protect their privacy against attackers using clustering analysis of the blockchain. Overall, the report says, Blockchain’s outdated web wallet provides fewer privacy protections than do most of its competitors. Users must take additional actions outside the normal sending and receiving workflows to avoid additional privacy pitfalls like address reuse.

(18) BitGo: In many way, BitGo’s web wallet privacy was comparable to other web wallets OBPP reviewed, but one key difference is that this wallet requires an email address for registration. “Users unfortunately cannot determine the degree to which BitGo’s servers tie the email address to funds,” says the report. “For the average user, this is a risky privacy proposition, since email address are often closely tied to a person’s online and offline identity.”

(19) Hive: “To date, the Hive OSX client is the only client we’ve found that lacks a fundamental privacy control: the ability to generate more than one Bitcoin address in a wallet,” says the report. “As users cannot escape a pattern of address reuse, they are subject to trivial blockchain analysis attacks.”

(20) Coinbase: The quality of Coinbase’s wallet has not changed since OBPP’s last report, the organization says. Given the custodial nature of Coinbase’s wallet, users are afforded little privacy. Private keys are created and held server-side and the service retains detailed information about incoming and outgoing transactions. Users must undergo a stringent process in order to use the service. The wallet pumps out new Bitcoin addresses for change when sending funds from the wallet, but uses few other controls to protect privacy on the blockchain. OBPP says Coinbase can make several basic privacy improvements to its classic wallet without violating Know-Your-Customer regulations, such as discouraging address reuse and randomizing output indexes on the blockchain.

“Since our first report surveying user privacy in Bitcoin wallets, not much has changed for wallet providers,” says Kristov Atlas, an OBPP contributor, in an online post about the report. “Thankfully, we’re seeing newcomers consistently adopt an HD architecture to help users avoid address reuse, but many of the big privacy pushes during 2014 — such as ‘stealth’ addresses and Tor support — stalled out during 2015. Wallets seem to be mostly in a holding pattern, waiting for their competitors to take the lead on innovating.”

Image credits:

OBPP logo – Via their website’s Media section

Breadwallet logo – Courtesy of Breadwallet

Airbitz logo – Courtesy of Airbitz

BitGo logo – Via their press kit

Coinbase logo – Courtesy of Coinbase