The Open Bitcoin Privacy Project (OBPP), an open source, global organization whose mission is to improve financial privacy within the Bitcoin ecosystem, has recently published a report on the levels of privacy found in various Bitcoin wallets.
The representatives of the organization has selected key behavioral patterns and features of Bitcoin software that measures its effectiveness at protecting the financial details of its users. The rating report highlights where software is succeeding at protecting users’ privacy, and where it is failing.
Each wallet was analyzed in terms of the usability of its privacy projections, the effectiveness of those protections, and the level of guidance provided to users to guard their own data.
Coinbase, the most popular and commonly used Bitcoin wallet, received a score of 11 out of 100 for overall wallet privacy, which makes it clear that Bitcoin transactions are definitely not anonymous or private by default.
It bears reminding that Coinbase provides Bitcoin exchange, payment processor, and wallet services on the web. Two versions of their wallet functionality, a classic version and Coinbase Vault, are pseudo-wallets in that Coinbase acts as a custodian of private keys, with the exception that Coinbase Vault allows users to retain some of the signing keys required for a transaction.
According to the results of the report, provided by OBPP, because of the custodial nature of Bitcoin wallet Coinbase, users are afforded low privacy. Private keys are generated and held server-side, and the service keeps detailed information about incoming and outgoing transactions. In order to use the service, customers must go through a rigid identification process. The wallet generates new Bitcoin addresses for change, but employs few other basic controls to protect privacy on the blockchain.
The report says that there are a number of basic improvements that can be made to Coinbase wallet to protect customer privacy including discouraging address reuse and randomizing output indexes on the blockchain. Besides, in the future, Coinbase can provide better feedback to users about actions that will degrade their privacy, such as merging inputs when sending Bitcoins from their Coinbase wallet.
However, Coinbase is a company that needs to prove to regulators that its service as compliant as possible with various KYC/AML requirements, which means that a poor score in a report on privacy may actually be helpful in proving to regulators and lawmakers that the company is not trying to allow people to transact in an anonymous manner on its platform. Due to the regulatory microscope Coinbase find itself under, it would be difficult for the company to bring better privacy protections to its platform.