A crypto user’s address can tell a lot about their behavior, even their identity. Here is how.
While cryptocurrencies still suffer from a reputation as untraceable technology, in reality they never have been, with the exception of Monero: they are mainly based on blockchains, which are ultimately just distributed databases. And a database, by definition, contains information. Users are in fact not anonymous but pseudonymous, represented by public addresses. And wallets contain a lot of data that reveals their behavior, and in some cases even more sensitive information.
What is the most common information visible in a wallet?
A crypto wallet easily reveals three types of data:
- the user’s public address
- balance of assets
- transaction history, including amount, timestamp, and recipient address
This data is even more visible on a blockchain based on an account model, like Ethereum, than on one based on the so-called UTXO (unspent transaction output) model, like Bitcoin. With Bitcoin, each transaction is supposed to generate a new address into which unspent bitcoin units from previous addresses are consolidated. Thus, each new transaction is associated with a unique address.
Ethereum works on an account model, which relies on a single address that is used for every transaction. Even if the UTXO model is far from solving everything, it has the merit of making it more complicated to discover a user’s transaction history.
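The difference between the two models, as an added example that is not part of the original article: it uses constructed toy ledgers (simplified tuples, not real transaction formats, with made-up addresses) to show how many of a user's transactions one known address exposes in each model, and that the spend links between transactions still remain on a UTXO ledger.

```python
# Added illustration: constructed toy ledgers, not real chain data or formats.
# Account model: (txid, sender, recipient, amount); one address for everything.
ACCOUNT_LEDGER = [
    ("a1", "0xUSER", "0xSHOP", 2),
    ("a2", "0xUSER", "0xCAFE", 1),
    ("a3", "0xUSER", "0xCHARITY", 3),
]

# UTXO model: txid -> (inputs, outputs). An input names an earlier output as
# (txid, index); the change goes to a fresh address in each transaction.
UTXO_LEDGER = {
    "u0": ([], [("user_addr_0", 10)]),
    "u1": ([("u0", 0)], [("shop", 2), ("user_addr_1", 8)]),
    "u2": ([("u1", 1)], [("cafe", 1), ("user_addr_2", 7)]),
    "u3": ([("u2", 1)], [("charity", 3), ("user_addr_3", 4)]),
}

def account_history(ledger, address):
    """Transactions an observer finds by searching for one account address."""
    return [txid for txid, sender, recipient, _ in ledger
            if address in (sender, recipient)]

def utxo_history(ledger, address):
    """Transactions that pay to, or spend an output held by, one address."""
    hits = []
    for txid, (inputs, outputs) in ledger.items():
        paid = any(addr == address for addr, _ in outputs)
        spent = any(ledger[src][1][idx][0] == address for src, idx in inputs)
        if paid or spent:
            hits.append(txid)
    return hits

def linked_by_spends(ledger, start_txid):
    """Transactions reachable from start_txid by following spent outputs."""
    reached, frontier = [], {start_txid}
    while frontier:
        nxt = {txid for txid, (inputs, _) in ledger.items()
               if any(src in frontier for src, _ in inputs)}
        nxt -= set(reached)
        reached += sorted(nxt)
        frontier = nxt
    return reached

if __name__ == "__main__":
    print(account_history(ACCOUNT_LEDGER, "0xUSER"))  # every payment
    print(utxo_history(UTXO_LEDGER, "user_addr_1"))   # only two of them
    print(linked_by_spends(UTXO_LEDGER, "u0"))        # the chain of spends
```

On a real chain, following every output this way also pulls in the recipients' later spending, which is part of why the UTXO model makes the history harder, but not impossible, to reconstruct.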
Hosting your own node or connecting to a third party: a fundamental difference
Blockchains are based on a peer-to-peer (p2p) model, and to execute a transaction you have no choice but to connect to the network, which is made up of nodes: in short, computers or servers that store and share the history of the blockchain.
In reality, with the growth of exchange platforms, mobile wallets and hot wallets, few crypto users run their own nodes: on the Bitcoin layer-1 network, the Bitnodes analytics site counts about 14,800 reachable nodes (which accept incoming connections) and a total of 43,000 nodes worldwide, while an app from Bitcoin developer Luke Dashjr counts around 46,500 nodes worldwide; Bitcoin’s layer-2 Lightning network reaches about 16,000 public nodes, according to 1ML.com. On the Ethereum side, the site Ethernodes reports about 3,500 synchronized nodes. At the same time, the firm Triple A estimates the number of crypto users at 320 million worldwide in 2022, while for France, KPMG estimated it at 8% of the population. It is therefore clear that most of these users go through third-party nodes (according to our sources, even some brokers do not maintain nodes for all assets). However, connecting to a third-party node to access the blockchain means exposing your IP address, which can then be associated with a transaction history and a wallet balance.
Data collected by crypto service nodes
Worse, the host of the third-party node does not guarantee the confidentiality of this information: in November 2022, ConsenSys, the owner of the MetaMask wallet, disclosed that it collected personal information from users if they used MetaMask’s default configuration, that is, with an Infura node, also owned by the firm. This information may be shared with affiliates, business partners, authorities and other service providers, according to the terms displayed on the ConsenSys website. The ability of nodes to gather information also explains why blockchain analytics companies like Chainalysis host them, especially in the context of services for governments and police authorities.
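What a third-party node is in a position to record, as an added example that is not part of the original article and does not describe any provider's actual logging: the request log below is constructed, its "ip"/"body" layout is hypothetical, the IPs come from documentation ranges and the addresses are made up. `eth_getBalance` and `eth_getTransactionCount` are standard Ethereum JSON-RPC methods whose first parameter is the address being queried.

```python
import json
from collections import defaultdict

# Constructed sample data: made-up addresses and documentation-range IPs.
A1, A2, A3 = ("0x" + c * 40 for c in "abc")
REQUESTS = [
    ("203.0.113.7", "eth_getBalance", [A1, "latest"]),
    ("203.0.113.7", "eth_getTransactionCount", [A2, "latest"]),
    ("198.51.100.20", "eth_blockNumber", []),
    ("198.51.100.20", "eth_getBalance", [A3, "latest"]),
    ("203.0.113.7", "eth_getBalance", [A1, "latest"]),
]
# One JSON object per line, in a hypothetical operator log layout.
SAMPLE_LOG = "\n".join(
    json.dumps({"ip": ip, "body": {"jsonrpc": "2.0", "id": n,
                                   "method": method, "params": params}})
    for n, (ip, method, params) in enumerate(REQUESTS, 1)
)

# Methods whose first parameter is a wallet address.
ADDRESS_METHODS = {"eth_getBalance", "eth_getTransactionCount"}

def ip_to_addresses(log_text):
    """Map each client IP to the wallet addresses it asked the node about."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        body = entry.get("body", {})
        params = body.get("params") or []
        if body.get("method") in ADDRESS_METHODS and params:
            seen[entry["ip"]].add(params[0].lower())
    return {ip: sorted(addrs) for ip, addrs in seen.items()}

def addresses_sharing_ip(log_text):
    """IPs that queried several addresses: separate wallets tied together."""
    return {ip: a for ip, a in ip_to_addresses(log_text).items() if len(a) > 1}

if __name__ == "__main__":
    print(ip_to_addresses(SAMPLE_LOG))
    print(addresses_sharing_ip(SAMPLE_LOG))
```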
To best protect yourself from this type of data collection, it is quite possible to host your own node, which allows you to guarantee access to the network without third parties and participate in its consensus. Since a full node broadcasts all network transactions, it also more easily hides those of its owner. Finally, and even if this practice does not guarantee complete confidentiality, it is also possible to run a node behind Tor to hide its IP address.
Moreover, running a node is not incompatible with using a hardware wallet such as Ledger or Trezor: the French firm has published a guide on its website, while its competitor provides a manual involving the use of Electrum.
The case of NFTs
In the age of GDPR, many companies covet NFTs as a new tool for acquiring and managing customers, because they allow them to do without data related to customers’ identity, and thus spare themselves sensitive databases, hacking and regulation. “NFT allows us to approach clients with full respect for data and confidentiality,” Stéphanie Zolesio, general manager of the real estate division within the Casino group, told us in 2022.
Companies no longer need to hold private data, since user wallets do it for them: by collecting an NFT, a customer provides the address of a wallet and, if it was not created for the occasion, its entire history. “The wallet gives a lot of information: how many ethers (Ethereum blockchain currency, editor’s note) and NFTs does it have? Does this person interact a lot with a smart contract? Does she buy regularly and if so, what kind of NFT? How often? Then, we can target these wallets according to their budget, their country,” the head of the agency Web3 Exclusive underlined in the same article. “It’s much more interesting for a token to know the flow of buying, reselling, using an NFT than knowing the true identity of a customer,” added Stéphanie Zolesio.
Sometimes, the customer even provides their own identity: with blockchain, decentralized domain names are experiencing significant growth. These are names registered on a blockchain in the form of an NFT, and they can be linked to a URL or a crypto address. It is therefore no longer unusual to see users register their last name on the blockchain and link it to a wallet: for example, Paris Hilton holds parishilton.eth, a name that refers to a wallet holding more than 1500 NFTs, including a bored monkey worth about 100 thousand dollars.
Of course, a surname can always be the object of cybersquatting, a practice that consists of parasitizing a domain name that corresponds to the name of a brand or a person. But apart from this scenario, it is clear that these decentralized domain names are one more way to associate a physical identity with a virtual user.