What has been changed
- Roger and the support agent's access to this information has been revoked.
- Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA-256 hash of the address, which removes the ability to look up a wallet by bitcoin address.
- The secret phrase is now no longer shown to any admins.
What other information could be used to identify a wallet
We store the IP address a wallet was created with and the IP address a wallet was last updated with.
. . . This was a shock to many people that you save this kind of information when previously it was said that no tracking information was kept.
Not a shock to anyone who took the time to read their privacy statement and anonymity information publicly available on their website:
https://blockchain.info/wallet/anonymity
. . . When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key). . .
. . . We log the internet IP address a wallet was created with and the IP the wallet was last updated with . . .
The only shock was that another business managed to access this information, and that has been addressed appropriately.
Hashing it would not prevent looking it up if programmed that way. But would prevent it from being plaintext in the database. You can't hash the email or the SMS because you use those to send notices.
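The point raised in the last post, as an added example that is not part of the thread or of blockchain.info's code: a table indexed by an unkeyed SHA-256 of the address still answers exact-match lookups for any address the reader already knows, while a keyed index does not without the key. The table layout, the sample addresses and contacts, the function names and the HMAC alternative with a key held outside the database are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample rows: these addresses and contacts are made up.
SUBSCRIPTIONS = [
    ("1ExampleAddrAAAAAAAAAAAAAAAAAAAAAAA", "alice@example.com"),
    ("1ExampleAddrBBBBBBBBBBBBBBBBBBBBBBB", "bob@example.com"),
]

def sha256_index(address):
    """Unkeyed index as described in the post: SHA-256 of the address string."""
    return hashlib.sha256(address.encode("ascii")).hexdigest()

def make_hmac_index(key):
    """Keyed alternative (assumption): HMAC-SHA256, key stored outside the database."""
    def index(address):
        return hmac.new(key, address.encode("ascii"), hashlib.sha256).hexdigest()
    return index

def build_table(index_fn):
    """Notification table: index value -> contact. No plaintext address is stored."""
    return {index_fn(addr): contact for addr, contact in SUBSCRIPTIONS}

def match_known_addresses(table, addresses, index_fn):
    """Return {address: contact} for every supplied address present in the table."""
    hits = {}
    for addr in addresses:
        contact = table.get(index_fn(addr))
        if contact is not None:
            hits[addr] = contact
    return hits

# Two subscribed addresses plus one that is not in the table.
KNOWN = [addr for addr, _ in SUBSCRIPTIONS] + ["1ExampleAddrCCCCCCCCCCCCCCCCCCCCCCC"]

if __name__ == "__main__":
    plain = build_table(sha256_index)
    # Anyone with the rows can recompute SHA-256 for an address they already know.
    print(match_known_addresses(plain, KNOWN, sha256_index))
    keyed = build_table(make_hmac_index(b"constructed-demo-key"))
    # Without the key, recomputing plain SHA-256 matches nothing.
    print(match_known_addresses(keyed, KNOWN, sha256_index))
```

The contact column stays in plaintext in both tables because, as the post notes, it is needed to send the notice.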