February 29, 2016 — The Open Bitcoin Privacy Project (OBPP) released the 2nd edition of its “Bitcoin Wallet Privacy Rating Report.” Many wallets reviewed last year have changed positions across the aspects of privacy, quality, usability, and customer feedback. OBPP consists of developer Justus Ranvier, security engineer Kristov Atlas, and OpenBazaar developers Sam Patterson and Chris Pacia. The creators say the wallet review is a way to “measure their effectiveness at protecting user privacy.”
OBPP: Top 5 Wallets
The number one Bitcoin wallet on the list this year is the hardware device Ledger Wallet. Ledger received an overall score of 50 out of 100, with the review focused on the Nano version. OBPP says Ledger’s Chrome extension doesn’t offer advanced privacy features like mixing. However, the group says, “we found it outperformed its competitors in handling privacy basics.” This includes avoiding address reuse and supporting multiple accounts within a single wallet. OBPP says this type of method is becoming “increasingly important” for users.
Number two on the list is BreadWallet, which was given a 49/100 and is said in the report to be a favorite iOS client. The difference between BreadWallet and most mobile offerings is that it uses a Simplified Payment Verification (SPV) architecture. This, the Privacy Project says, allows the platform to access data directly from nodes within the network, avoiding the information leaks commonly found in mobile transactions.
Airbitz takes the third position in the privacy report with its hierarchical deterministic (HD) wallet, scoring 47/100. OBPP says the service, introduced in 2014, was one of the first HD wallets implemented. This allows more advanced support for multiple accounts held within the Airbitz interface. Airbitz has moved up from its 6th position among the ten wallets reviewed last year.
Privacy by default, decentralization, and zero-knowledge are pillars of our edge security platform, and we aim to make it the default for all apps, all people, and in all countries.
Editor’s Note: OBPP recently published a small change to the report that increased Bitcoin-Qt’s score by 2 points and moved them to rank #4. The full report can be downloaded here.
Darkwallet was the OBPP’s top contender last year but has now dropped to the fourth position. The Darkwallet score is a 45/100 in overall privacy. Lack of development has left Darkwallet’s code collecting dust, and the organization says it has remained “untouched since our last review.” This, in turn, leaves the model threatened by the progress of the many competitors coming into the wallet ecosystem. However, the project still holds a couple of features others have not yet accomplished. OBPP explains in the report:
To date, Darkwallet is still one of only two graphical wallets with CoinJoin support, and one of a handful with ECDHM address support. Darkwallet enables both CoinJoin and ECDHM addresses by default. However, disuse has reduced the available number of Darkwallet partners for CoinJoin transactions, yielding very limited use at present. After a short timeout period, if no other users are available to mix with, the transaction will proceed without the use of CoinJoin.
The fifth wallet in the rankings is Arcbit. The Privacy Project says this is a new “contender on the iOS platform,” one that also includes ECDHM address use. The OBPP report says that ECDHM address support is declining among wallets these days and that Arcbit has “attempted to reinvigorate the technology.” This entails what they call “forwarding addresses,” which help eliminate address reuse. However, OBPP reports one point of failure within the architecture.
“A prominent weakness for ArcBit and many other mobile wallets is protecting users from network observers,” OBPP states. “While forwarding addresses help protect user privacy on the blockchain, their computationally intensive architecture requires ArcBit users to entrust their privacy to trusted servers, which help to track payments on behalf of the iOS wallet client.”
Additional Wallets Reviewed
A new addition to the list is the Android Bitcoin wallet Samourai. The wallet was introduced in 2015 with a series of privacy features from its inception. These include BIP-69 fingerprinting countermeasures, warnings to those reusing addresses, and a remote wallet wiping feature. Samourai says they are currently producing a new form of ECDHM, CoinJoin capabilities, and built-in VPN/Tor support as well.
Other notable wallets include the Trezor, Luxstack and more. The most popular client, Blockchain.info’s wallet, was rated 17th out of the twenty. OBPP says “the wallet and API combined represent 30% to 60% of all on-chain transaction volume.” The privacy organization had not yet reviewed the new HD mobile version because it was only recently released. They concentrated on the desktop version, which they say has remained unchanged since the last review. One privacy-centric feature of Blockchain.info’s desktop interface, however, is Sharedcoin, and only DarkWallet shares this element.
The bottom of the list, at number 20, belongs to Coinbase. The exchange, payment processor, and wallet service is a pretty popular platform but is lacking in privacy. Brian Armstrong recently addressed this matter, saying Coinbase is a retail exchange and “not a wallet.” Armstrong details in his blog post, “you will not be anonymous if you decide to use Coinbase.” OBPP says they reviewed the company last year, and there have been no significant developments concerning privacy.
Many other contributors helped with the OBPP review process including Andreas Antonopoulos, LaurentMT, Jameson Lopp, and others. SatoshiLabs provided the group with testing hardware, and many other companies volunteered feedback as well. OBPP says it will continue its mission researching ways “to make financial privacy visible so that individuals and organizations can make informed decisions about privacy risks.”
Images courtesy of the various wallet websites and the OBPP report.