Difference between revisions of "Mystery shopper payments"

From Bitcoin Wiki
m (See also: Add link)
m (Bad privacy example - Receiving donations spied on with mystery shopper payments: Typo)
 
Line 11: Line 11:
 
# You set up a web server to give out unique addresses for each visitor.
 
# You set up a web server to give out unique addresses for each visitor.
 
# An adversary who wants to get an idea of your total donation income donates a small amount of bitcoin to you.
 
# An adversary who wants to get an idea of your total donation income donates a small amount of bitcoin to you.
# You combine all donations to use as inputs one transaction, thereby linking them together with the [[common-input-ownership heuristic]].
+
# You combine all donations to use as inputs in one transaction, thereby linking them all together with the [[common-input-ownership heuristic]].
 
# The adversary now has a good idea of your total donation income.
 
# The adversary now has a good idea of your total donation income.
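Review bot: in the changed step 4 line, the edit summary says "Typo" but the new text also inserts "all" ("linking them all together"), so the summary understates the change; "typo and wording" would match it. The line also still reads as if the donor applies the heuristic, when it is an observer who applies it to the combined inputs; "allowing them all to be linked with the [[common-input-ownership heuristic]]" would be clearer.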
  

Latest revision as of 16:11, 8 June 2021

Mystery shopper payments are a class of privacy attack. A mystery shopper payment is when an adversary pays bitcoin to a target in order to obtain privacy-relevant information.

For example, if the target is an online merchant, the adversary could buy a small item from the store. The payment interface would show them one of the merchant's bitcoin addresses. The adversary now knows that this address belongs to the merchant, and watching the blockchain for later transactions would reveal further information. Combined with other techniques, this could reveal a lot of data about the merchant, such as income, turnover, etc. This works because anybody on the entire internet can request one of the merchant's addresses.

Mystery shopper payments are usually used as a starting point and then combined with other privacy attack techniques such as the common-input-ownership heuristic and change address detection. They work even if address reuse is avoided.

Mystery shopper payments can be resisted by being aware of what information is leaked. Care must be taken when spending incoming funds.

Bad privacy example - Receiving donations spied on with mystery shopper payments

  1. You want to accept bitcoin donations but don't want to reveal the total donated amount.
  2. You set up a web server to give out unique addresses for each visitor.
  3. An adversary who wants to get an idea of your total donation income donates a small amount of bitcoin to you.
  4. You combine all donations to use as inputs in one transaction, thereby linking them all together with the common-input-ownership heuristic.
  5. The adversary now has a good idea of your total donation income.

Be mindful of what is being revealed with the common-input-ownership heuristic.
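The following is an added example, not part of the original wiki page: a small self-audit a donation recipient could run over planned spends to see how much income one known address (such as the one a mystery shopper paid to) would expose. The address names, amounts and function names are constructed for illustration, and only input linking is modelled, not change address detection.

```python
# Constructed sample data: donation address -> amount received (satoshis).
DONATIONS = {
    "addr_A": 50_000,
    "addr_B": 1_200_000,
    "addr_C": 300_000,
    "addr_probe": 1_000,  # the small donation made by the observer
    "addr_D": 75_000,
}


def linked_cluster(known_address, transactions):
    """Addresses an observer ties to known_address via common-input-ownership.

    transactions: list of lists, each holding the input addresses of one
    spending transaction. All inputs of one transaction are assumed to share
    an owner, and clusters merge transitively across transactions.
    """
    cluster = {known_address}
    changed = True
    while changed:
        changed = False
        for inputs in transactions:
            inputs = set(inputs)
            if cluster & inputs and not inputs <= cluster:
                cluster |= inputs
                changed = True
    return cluster


def exposed_income(known_address, transactions, received):
    """Total received amount attributable to the owner of known_address."""
    cluster = linked_cluster(known_address, transactions)
    return sum(received.get(addr, 0) for addr in cluster)


# Step 4 of the example: every donation consolidated in one transaction.
CONSOLIDATE_ALL = [["addr_A", "addr_B", "addr_C", "addr_probe", "addr_D"]]
# Alternative plan: the probe-sized coin is never merged with other coins.
SPEND_SEPARATELY = [["addr_probe"], ["addr_A", "addr_D"], ["addr_B"], ["addr_C"]]

if __name__ == "__main__":
    for name, plan in [("consolidate", CONSOLIDATE_ALL),
                       ("separate", SPEND_SEPARATELY)]:
        total = exposed_income("addr_probe", plan, DONATIONS)
        print(f"{name}: {total} sat linked to the known address")
```

Running the check against a planned spend before broadcasting shows which coins would be merged into the cluster that already contains a publicly known address.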

See also