How Bitcoin Lets You Spy on Careless Companies

Ringing up a Bitcoin transaction at San Francisco's Buyer's Best Friend. Photo: Ariel Zambelich/Wired

When Foodler jumped on the Bitcoin bandwagon a few months ago, it seemed like an interesting way to drum up new business. But it turns out that, for some, Bitcoin business can come with an unexpected price tag: privacy.

Since April, the Boston-based online restaurant ordering service has accepted payments in the world's hottest digital currency, and sales have grown nicely. Foodler is now doing about $15,000 in Bitcoin food orders per month. This is convenient for customers, and with Bitcoin, the company doesn't have to fork over the payment-processing fees that come with credit card sales. But there's a downside: If Foodler isn't careful, Bitcoin could give competitors a way to spy on its business.

To be sure, Bitcoin makes it possible for people to exchange money without anyone knowing who is sending or receiving it. But because all transactions are recorded publicly on the Bitcoin peer-to-peer network, once you know the Bitcoin address of the person you're paying, it's possible to track all other payments made to that address.

"It's very easy for merchants to inadvertently expose the details of their supply chain, their finances, and their spending habits," says Christian Dumontet, one of Foodler's founders.

Figuring out this kind of information isn't easy, but it's possible, Dumontet says. In order to combat this, most merchants create a unique Bitcoin deposit address for each sale, but when the merchant decides to bundle all of those deposits together -- to pay suppliers or to convert Bitcoins to U.S. dollars, for example -- they could still be giving a competitor a way of tracking all their Bitcoin transactions.

So a competitor could learn something interesting about a company by first paying them in Bitcoins and then tracking how that money flows through the block chain -- Bitcoin's public ledger -- and studying the other transactions that got bundled with the competitor's original payment.
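The linkage described above can be checked by a merchant against its own planned transactions before broadcasting them. The sketch below is an added example, not code from the article or from Foodler: it applies the common-input heuristic (addresses spent together in one transaction are treated as one owner) to a constructed ledger whose addresses, amounts and field names are all assumptions.

```python
# Constructed sample ledger (not real chain data); amounts are in satoshis.
LEDGER = [
    {"txid": "sale-1", "inputs": ["cust_a"], "outputs": {"dep_1": 20_000_000}},
    {"txid": "sale-2", "inputs": ["cust_b"], "outputs": {"dep_2": 35_000_000}},
    # The observer's own small purchase; dep_3 is the address it was given.
    {"txid": "sale-3", "inputs": ["observer"], "outputs": {"dep_3": 10_000_000}},
    {"txid": "sale-4", "inputs": ["cust_c"], "outputs": {"dep_4": 50_000_000}},
    # The merchant bundles three per-sale deposits to pay a supplier.
    {"txid": "sweep", "inputs": ["dep_1", "dep_2", "dep_3"],
     "outputs": {"supplier": 65_000_000}},
]


def find(parent, addr):
    """Union-find lookup with path halving."""
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr


def cluster_of(ledger, known):
    """Addresses linked to `known` because they were co-spent as inputs."""
    parent = {known: known}
    for tx in ledger:
        for addr in list(tx["inputs"]) + list(tx["outputs"]):
            parent.setdefault(addr, addr)
        root = find(parent, tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(parent, addr)] = root
    target = find(parent, known)
    return {a for a in parent if find(parent, a) == target}


def exposure(ledger, known):
    """What an observer who knows one deposit address can infer."""
    cluster = cluster_of(ledger, known)
    # Payments into the cluster from outside it: an estimate of sales.
    received = sum(v for tx in ledger for a, v in tx["outputs"].items()
                   if a in cluster and not set(tx["inputs"]) & cluster)
    # Outside addresses paid by the cluster: candidate suppliers or exchanges.
    payees = sorted({a for tx in ledger if set(tx["inputs"]) & cluster
                     for a in tx["outputs"] if a not in cluster})
    return {"linked": sorted(cluster), "received_sat": received, "payees": payees}


if __name__ == "__main__":
    print(exposure(LEDGER, "dep_3"))
```

In this constructed ledger, the deposit that was never bundled (`dep_4`) stays unlinked, which is the property per-sale addresses only preserve until the funds are combined.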


Over the past decade, computer science researchers have done a pretty good job at taking large, supposedly anonymous sets of data, and figuring out ways to make them less anonymous. In 2006, the New York Times identified a 62-year-old widow from Lilburn, Ga., based on an analysis of information in a supposedly anonymous database of search queries that AOL released online.

Bitcoin's block chain presents a very similar challenge, says Matthew Green, a computer science professor with Johns Hopkins University. To date, Bitcoin hasn't been widely used for consumer purchases, but that's starting to change. And that's making the data even more interesting to researchers. "I expect to see data-mining papers on the Bitcoin block chain," he says.

These attacks would be difficult to pull off, but it's also hard to keep this type of data private, says Gavin Andresen, chief scientist with the Bitcoin Foundation. "Bitcoin transaction privacy is really complicated," he says. "If you want to be sure that your transactions are going to be private, then you probably need to hire a cryptography PhD to analyze your system."

"It's definitely a concern, and it's definitely part of the reason I say that Bitcoin is an experiment," Andresen adds.

Christian Dumontet. Photo: Foodler

Dumontet says that Bitcoin businesses need to be mindful of their privacy, but not everyone is ringing the alarm bells. This issue is not a big deal right now, says Adam Sah, the CEO of a Bitcoin-friendly retailer called Buyer's Best Friend. "It'll be decades before Bitcoin has enough market share to create this problem," he tells us in an email message.

Foodler has figured out a way to at least obscure its Bitcoin trail. The company has written its own software that subdivides its daily balance into a random number of components. Then it mixes and remixes these components in order to obscure the transactional trail. "By randomizing both the amounts and the length of the chain, it becomes very difficult to know whether it's still under our domain or not," says Dumontet.

Dumontet says that as Bitcoin usage grows, companies should think about taking steps to obscure their sales data. But he's still a big Bitcoin believer. "We see this as an opportunity for the network to improve," he adds.