Darkwallet and Armory Come Top in Bitcoin Wallet Privacy Study

[sgk]

Bitcoin wallet providers Darkwallet and Armory performed the best in an independent test that sought to identify the strongest wallet offerings for financial privacy.

Darkwallet version 0.8.0 and Armory version 0.93.1 both received top scores of 45 out of 100 from the Open Bitcoin Privacy Project (OBPP) Spring 2015 Wallet Privacy Rating Report, the first release from the open-source organisation that seeks to promote and improve privacy in the bitcoin ecosystem. Scores were based on performance in five categories that assessed the privacy the wallets offered from blockchain observers and network observers, among other factors.

Ranking last in the study was Coinbase's online wallet, which received a total score of eight out of 100. Coinbase notably received no points in three of the five categories, while elsewhere, Mycelium, the Bitcoin Wallet and Electrum rounded out the top five wallets.

OBPP contributing engineer Justus Ranvier said he hopes the report will be the first in a triannual series of releases aimed at providing a way for consumers to better evaluate marketing efforts around bitcoin wallets.

Full Story:
http://www.coindesk.com/study-darkwallet-armory-bitcoin-wallet-financial-privacy/

More Info on OBPP & Report:
http://www.openbitcoinprivacyproject.org/
http://www.openbitcoinprivacyproject.org/2015/05/spring-2015-wallet-privacy-rating-report/

[unamis76]

This seems like a nice study with pretty conclusive results. I've used most wallet they analysed and I agree with their results.

I also didn't know OBPP. About time we have such an organisation. Let's just hope they don't crash and burn...

[btchris]

This seems like a nice study

The collection of factual data is nice, as are some of their ideas where existing wallets can improve privacy.

with pretty conclusive results.

Not IMO... the score weighting is completely arbitrary. It's not unreasonable, but it'd be easy to reach very different conclusions with equally reasonable but different choices in the weighting.

Of course, people like to see a bottom line and generally can't be bothered to take the time to draw their own conclusions, so it's not surprising that the authors decided to create such a bottom line score (useless though it may be IMO)....

I'm also noticing at least two points which they did not consider, but perhaps should have.

1. Armory is I believe unique among popular wallets in that it still uses uncompressed public keys. This makes it possible to identify likely Armory-created transactions, and perhaps easier to correlate transactions to particular wallets.

2. Some wallets, e.g. Electrum, do not consider an address as "used" until it is associated with a transaction with a certain number of confirmations. If a wallet user asks for a new receive address, they will be presented with the same address as previously displayed until it is considered "used" by the above criterion. (In the Electrum case, they can manually choose an address which they believe has not yet been given out, but they must keep track of this themselves.)

[sgk]

2. Some wallets, e.g. Electrum, do not consider an address as "used" until it is associated with a transaction with a certain number of confirmations. If a wallet user asks for a new receive address, they will be presented with the same address as previously displayed until it is considered "used" by the above criterion. (In the Electrum case, they can manually choose an address which they believe has not yet been given out, but they must keep track of this themselves.)

Isn't this the case with every Bitcoin wallet out there? I mean, which wallet keeps track of the already generated addresses? If they could, how will the concept of a completely secure cold storage work?

And aren't the chances of generating same address twice so low you can just not bother about it?


Math:

7 billion people generating 1 million addresses per second for 100 years yields:
7×109×106×3600×24×365×100 = 2.20752×10²⁵ addresses generated
There are 2160 (1.46×10⁴⁸) possible addresses, so the chance of one of the ~2×10²⁵ addresses being one of the 1.46*1048 addresses is 1 in 6.6×10²².
The chance of winning the Powerball jackpot once is 1 in 175 million. Winning twice is 175M2: (175×106)2 = 1 in 3.0625×10¹⁶.
So it's more likely to win the Poweball jackpot twice, than it is for 7 billion PCs, each generating 1 million addresses per second for 100 years to generate the same address.


Source:
http://www.reddit.com/r/Bitcoin/comments/215gsv/can_two_people_accidentally_generate_the_same/

[jl2012]

2. Some wallets, e.g. Electrum, do not consider an address as "used" until it is associated with a transaction with a certain number of confirmations. If a wallet user asks for a new receive address, they will be presented with the same address as previously displayed until it is considered "used" by the above criterion. (In the Electrum case, they can manually choose an address which they believe has not yet been given out, but they must keep track of this themselves.)

Isn't this the case with every Bitcoin wallet out there? I mean, which wallet keeps track of the already generated addresses? If they could, how will the concept of a completely secure cold storage work?

Every time you request a new address from Aromry, it gives you a new one.

[btchris]

2. Some wallets, e.g. Electrum, do not consider an address as "used" until it is associated with a transaction with a certain number of confirmations. If a wallet user asks for a new receive address, they will be presented with the same address as previously displayed until it is considered "used" by the above criterion. (In the Electrum case, they can manually choose an address which they believe has not yet been given out, but they must keep track of this themselves.)

Isn't this the case with every Bitcoin wallet out there?

You misunderstand what I was trying to say (or rather I wasn't being very clear).

When you hit the "give me a new receive address" button, some wallets will [try to^*] always generate a new address. Other wallets will choose a currently unused address, although it may be an address that's been displayed to the user previously. Electrum is of the latter type—it's easy to mistakenly give the same address to multiple people as long as the address has no current transactions associated with it.


(I don't mean to pick on Electrum... it just happens to be a wallet I know which does this, there may be others as well.)

* It'd be reasonable for a wallet to avoid generating new addresses that would violate the wallet's gap limit, however a privacy-conscious wallet should at least warn the user if it presents the same receive address a second time.

[sgk]

2. Some wallets, e.g. Electrum, do not consider an address as "used" until it is associated with a transaction with a certain number of confirmations. If a wallet user asks for a new receive address, they will be presented with the same address as previously displayed until it is considered "used" by the above criterion. (In the Electrum case, they can manually choose an address which they believe has not yet been given out, but they must keep track of this themselves.)

Isn't this the case with every Bitcoin wallet out there?

You misunderstand what I was trying to say (or rather I wasn't being very clear).

When you hit the "give me a new receive address" button, some wallets will [try to^*] always generate a new address. Other wallets will choose a currently unused address, although it may be an address that's been displayed to the user previously. Electrum is of the latter type—it's easy to mistakenly give the same address to multiple people as long as the address has no current transactions associated with it.

[....]

Ahh! I understand your pint of view now!

And yes, your concern is very understandable, makes sense. I would also like a wallet to give me a completely new address instead of pulling out an already generated address that is not currently being used.

[crazyearner]

Always loved darkwallet given the fact of its indeth security it has. Maybe BTC should adopt some of its security make things more secure on BTC then again with one of its main devs making threats to leave the BTC dev team maybe Dark will jump out of the light into the dark and make number 1 spot