Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.
Large-scale datasets of consumer behavior might revolutionize the way we gain competitive advantages and increase our knowledge in the respective domains. At the same time, valuable datasets pose potential privacy risks that are difficult to foresee. In this paper we study the impact that the prices from consumers’ purchase histories have on the consumers’ location privacy. We show that using a small set of low-priced product prices from the consumers’ purchase histories, an adversary can determine the country, city, and local retail store where the transaction occurred with high confidence. Our paper demonstrates that even when the product category, precise time of purchase, and currency are removed from the consumers’ purchase history (e.g., for privacy reasons), information about the consumers’ location is leaked.
The results are based on three independent datasets containing thousands of low-priced and frequently-bought consumer products. In addition, we show how to identify the local currency, given only the total price of a consumer purchase in a global currency (e.g., in Bitcoin). The results show the existence of location privacy risks when releasing consumer purchase histories. As such, the results highlight the need for systems that hide transaction details in consumer purchase histories.
This is handy for some, but the anonymity is by no means perfect. Security experts call it pseudonymous privacy, like writing books under a nom de plume. You can preserve your privacy as long as the pseudonym is not linked to you. But as soon as somebody makes the link to one of your anonymous books, the ruse is revealed. Your entire writing history under your pseudonym becomes public. Similarly, as soon as your personal details are linked to your Bitcoin address, your purchase history is revealed too.
That raises an important question for people hoping to use Bitcoin to make anonymous purchases: how easy is it to link them with their Bitcoin transactions?
How Bitcoin empowers anonymity
Bitcoin is an important, empowering technology. Using a Bitcoin account with a pseudonym protects your right to remain anonymous on the internet. It allows anonymous or pseudonymous fundraising. Groups can collectively control Bitcoin accounts, and choose to either hide or reveal financial information at will.
There are many positive reasons for a private and secure banking system like Bitcoin:
A workers’ rights group could, for example, raise funds with Bitcoin. The money could be used for servers, flyers, remote helpers… and all without tying any transaction to the real identities of the volunteers.
Likewise, a domestic abuse victim might use Bitcoin to securely stash away funds to prepare for an independent life.
Privacy through pseudonymous accounts
Privacy in traditional banking is guaranteed by the institutions that make up the system, such as banks, credit card companies, and governments. They (try to) ensure that your bank balance stays a secret. This puts them in a delicate position, where only they have complete oversight as to what is going on.
In the Bitcoin ecosystem, everyone can see the history of every account balance, but they cannot see who controls an account. All addresses and transactions are recorded in Bitcoin’s publicly distributed database, the Blockchain. The addresses do not have names or IP addresses attached to them, so it is not always possible to know which transaction belongs to which individual.
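The pseudonym risk described above (a public ledger keyed by address, and a whole history revealed once one address is tied to a person), as an added example that is not part of the original page. The ledger, addresses, and helper names are constructed for illustration; the model covers only direct address lookups and compares reusing one address with using a fresh address for each payment.

```python
from collections import namedtuple

# Constructed sample data: a toy public ledger. All addresses are made up.
Tx = namedtuple("Tx", "txid sender recipient amount")

LEDGER = [
    Tx("t1", "addr_reuse", "shop_books", 0.010),
    Tx("t2", "addr_reuse", "shop_pharmacy", 0.004),
    Tx("t3", "addr_reuse", "shop_vpn", 0.002),
    Tx("t4", "addr_fresh_1", "shop_books", 0.010),
    Tx("t5", "addr_fresh_2", "shop_pharmacy", 0.004),
    Tx("t6", "addr_fresh_3", "shop_vpn", 0.002),
    Tx("t7", "addr_other", "shop_books", 0.020),
]


def history_of(ledger, address):
    """Return every transaction touching an address.

    No secret is needed: the ledger is public and indexed by address.
    """
    return [tx for tx in ledger if address in (tx.sender, tx.recipient)]


def exposure(ledger, wallet_addresses, linked_address):
    """Measure what one identity link reveals about a wallet.

    wallet_addresses: all addresses the same person controls (known only
    to the owner). linked_address: the single address an observer has tied
    to the owner's real identity, e.g. through a shipping form.
    Returns (fraction of the owner's transactions revealed, their txids).
    """
    own = [tx for tx in ledger
           if tx.sender in wallet_addresses or tx.recipient in wallet_addresses]
    if not own:
        return 0.0, []
    revealed = history_of(ledger, linked_address)
    revealed_own = [tx for tx in own if tx in revealed]
    return len(revealed_own) / len(own), [tx.txid for tx in revealed_own]


if __name__ == "__main__":
    # One reused address: a single link exposes the entire purchase history.
    print(exposure(LEDGER, {"addr_reuse"}, "addr_reuse"))
    # Fresh address per payment: the same link exposes only that payment.
    fresh = {"addr_fresh_1", "addr_fresh_2", "addr_fresh_3"}
    print(exposure(LEDGER, fresh, "addr_fresh_2"))
```
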