Mobile stealth addressing — a privacy-enhancing life while utilizing mobile payments?
The natural habitat of stealth addresses: „full block verifying wallets“
Why am I telling you this? Well, simply put: We have to determine the usability and privacy aspect of users who want to utilize stealth addressing on their beloved mobile phones or other devices, which aren’t able to handle a fully validated blockchain.
We have simple limits, which are specified by bandwidth, storage and/or CPU utilization. All those limitations are the fact that services, like BWS (Bitcoin Wallet Service), were established to enable users to use their phone as part of a communication utility to authorize different mechanisms on the blockchain. As well as scanning transactions for their received values, which doesn’t happen on the phone itself, but on the server by knowing which user is using a particular address.
Based on this, we can create a scenario, where we want to generate a stealth address on our mobile device. In the best case, this address should only be known by the payer and payee.
Knowing these limitations, we can come to the conclusion when we send a transaction to a stealth address, we have to generate a derived address based on the transmitted stealth address. This address will be used to transfer the value to. Besides that, the payee doesn’t know which address will be generated out of the transmitted stealth address, neither does the BWS. Hence the BWS won’t be able to statically bind a transaction to a user, because it doesn’t know who owns the randomly derived address. Mainly, stealth addressing was build for the recipient‘s privacy in the first place and that’s what it’s achieving at this point.
One possibility to solve this problem would be to add the used stealth addresses to the server itself, but it would destroy the concept of having stealth addressing at all.
Another solution, which would require a huge amount of development, would be to add a full blockchain verification to scan the blocks for your own transactions, but that would require the release of previously explained limitations of such small and basically incompatible devices.
Last but not least, a personal note for those privacy junkies around us: just utilize the full block wallets provided by your favorite currency. It will basically anonymize your transactions even more by providing advanced algorithms within a full block wallet. Instead of trusting third-party sources or services for any kind of „private“ transactions.
Nevertheless, there’s also the contradiction between privacy and usability. One will basically make the other one useless or unusable at all. Always keep that in my mind. Besides that privacy is something which is not only established by using secure currencies. If you send a stealth address to your friend via Facebook, you’ll lose your privacy anyways — just to name an example here.