The subject of online crypto payments has been a hot topic since the inception of Bitcoin.
At this point, reputable firms have expressed views in favor of applying virtual coins in trade.
It is common knowledge that all the proponents of cryptocurrencies hold a common value that advises their decisions-financial privacy.
Yet, online platforms, including ecommerce websites, are riddled with cases of third-party tracking events.
Current Status
Among the key components of cryptocurrencies is its promise of online anonymity. This also happens to be one of its greatest points of criticism.
Various pundits across social and economic ecosystems have come out to smear the crypto industry as a confluence of drug dealers, cybercriminals, terrorists and despots.
To tackle this issue, governments have endeavored to establish interventions aimed at tracing the "movement" of digital currencies.
Notwithstanding the notion that cryptocurrencies were created to guarantee anonymity, authorities have succeeded in controlling the sector owing to the fact that virtual coins are essentially pseudo-anonymous.
This reality presents itself when considering the possibilities of associating transactions to fixed wallet addresses. In this regard, cryptocurrencies are not entirely a network of anonymity, but rather a pseudo-anonymous system.
The Attack Model
Having dealt with the status quo, the following section will illuminate the aspect of third-party involvement in tracing cryptocurrency transactions.
This phenomenon can be well understood through the lens of an actual third-party attack model that links merchants and payment processors to trackers.
Ideally, a crypto-based ecommerce flow chart features a merchant, payment processor, an end user and trackers.
Merchants denote websites that host shoppers, otherwise referred to as users in this context.
A majority of merchants depend on the workings of payment processors such as Coinbase. The purpose of such processors is to manage logistics surrounding crypto processing.
In practice, when a user makes a purchase with cryptocurrencies, a payment processor receives the transaction, then credits a merchant's account with an amount with the equivalence of any fiat currency option.
Trackers are third-party elements that are localized on webpages. They operate "like a shadow" and can trace users' functions for the benefit of, say, promotions or web analytics.
Information Flow
Quite simply, third parties trace crypto transactions via entries within the value chain of information.
Common user actions such as logging in and out of sites, executing payment processes and selecting desired items provide loopholes-which are exploited by third parties-to trace footsteps of crypto transactions.
Certainly, the scale of knowledge regarding user actions determines the magnitude of third-party influence in tracking cryptocurrency transactions.
Well, you might be wondering - what information types do third-party players target?
First, payment timestamps, which refer to approximate payment periods, can be learned by third parties.
Timestamps are typically borne within merchant websites and are commonplace to sites that employ checkout processes in their transactional system.
Payment addresses denote destinations linked to virtual currencies. Payment processors generate addresses that are special to various transactions.
Leaks, which occur in information flow, allow third parties to trace crypto transactions via such payment addresses.
In this breath, the eventuality becomes real whenever a third party can associate an online user to particular blockchain transactions.
Additionally, prices set by merchant websites can provide entry points for third-party trackers to trace crypto transactions.
Third parties may access information regarding itemized prices that are linked to user actions.
Apart from knowing the prices of goods added to a shopping cart, these players may understand shipping costs that surround purchase processes.
Forms of Attacks: Active and Passive
Using the analogy of third-party attacks, it's necessary to examine the different techniques used by third parties in tracing cryptocurrency transactions.
First, passive attacks occur whenever transactional information is "innocently" obtained by third parties in the course of a normal transaction.
Otherwise, active attacks, which happen in most cases, are fundamentally intentional and aim to extract transactional information from webpages for, as mentioned before, analytics and promotional purposes.
