A new report by an open-source advocacy group has found that bitcoin users still face major threats to their privacy.

The Open Bitcoin Privacy Project (OBPP) published its latest study today, which explores the state of bitcoin privacy throughout 2016 and identifies key vulnerabilities in the ecosystem.

Composed of developers and researchers in the bitcoin space, OBPP has previously weighed in on user privacy issues related to bitcoin wallets, releasing two editions on the subject since 2015.

The newest report identifies four major threats that confronted bitcoin users over the past year. These include the merging of co-owned funds into single transactions; the re-use of bitcoin addresses; the linking of network identity to a particular bitcoin address; and the linking of addresses together through network activity.

The publication perhaps speaks to one of the key underlying aspects of bitcoin itself, given that the digital currency provides a pseudonymous, open-access means of moving money throughout the world. For some, financial privacy is one of the reasons they turned to the digital currency in the first place.

It also highlights how cybersecurity risks can undercut those characteristics, as well as what steps can be taken to reduce the threats involved. For example, OBPP suggests the utilization of the Tor network or similar tools – which route data to different points around the world, obscuring its origin and destination – to avoid having one’s identity tied to a particular node.

The report’s release comes as regulators worldwide see the privacy-enhancing features of digital currencies as a growing concern. Last month, for instance, a group of law enforcement agencies and organizations, including Interpol and Europol, called for a crackdown on transaction mixers, or tools that can obfuscate the source of funds by combining them with other transactions.

During a recent conversation with CoinDesk ahead of the report’s release, OBPP contributor Kristov Atlas described the state of privacy in the ecosystem today as “pretty bad”, noting that work on wallet privacy has fizzed out in the past year or two.

He went on to state:

“Practical improvements to privacy have kind of stopped for the moment. Overall, I would give the industry a pretty failing grade.”

As for what’s driving the deficiencies around privacy, Atlas highlighted regulatory issues as well as technical ones, suggesting that it’s likely “a confluence of challenges” inhibiting broader focus.

Challenges aside, Atlas stressed his belief that privacy should be prioritized by companies who offer tools for transacting in bitcoin.

“I think it’s important to try to get these privacy concerns on the to-do lists of companies and remind them that it’s important, and that it’s something they haven’t fully tackled yet,” he said.

A full copy of the report can be found here.

Alyssa Hertig contributed reporting.

Image via Shutterstock