Ethereum is losing its privacy, warns a new paper, as “careless” users make linking their addresses to real-world identities easy.
With the disquieting title,,” the paper – a joint-publication from researchers at the Institute for Computer Science and Control in Hungary, Eötvös Loránd University, Széchenyi István University and HashCloak – argues governments and private-entities are quickly learning how to strip away anonymity from Ethereum. And that’s in part because users are making it easy for them.
“Careless usage easily reveals links between deposits and withdraws and also impact the anonymity of other users, since if a deposit can be linked to a withdraw, it will no longer belong to the anonymity set,” the authors write.
The researchers argue that Ethereum’s account-based model makes it more susceptible to surveillance than some other protocols, such as Bitcoin.
“The lack of financial privacy is detrimental to most cryptocurrency use cases,” they continue. “We do believe if users were using the technology in a sound way or a privacy-focused wallet software would have helped them and abstracted away potential privacy leaks.”
This concern isn’t new: news organization Decrypt identified a number of Ethereum users by , citing user actions as being partly to blame.
Unlike Bitcoin, which relies on an Unspent Transaction Output (UTXO) model, the Ethereum protocol keeps track of a user’s ether. Rather than effectively creating a new address for each payment (as with Bitcoin), Ethereum records what a user has sent out, say, 1 ETH, but still has 10 ETH, remaining.
A good analogy is Bitcoin is like physical cash in a leather-wallet, with a balance being the amount of unspent cash. Meanwhile, Ethereum is more like a bank account, where a bank, or in this case protocol, knows how much money the account holder has and updates it accordingly.