Bitcointalk username: Bitcoin_Arena
First impressionI love the fact that the site loads fast both on the clearnet and Tor mirror. This is a huge positive. We have a lot of mixers using Cloud-flare and the loading plus captcha challenges as one just tried to visit the site can be quite annoying.
User Interface and HomepageThe UI is nice on both light and dark themes, but the home page could do better with less clutter of information or articles. Most of the information is repetitive, for example, The home page already has two links to the blog and FAQ both at the top and the bottom, so there’s no need to add FAQs or the blogs in the body of the homepage. This makes scrolling to obtain vital details such as the official Bitcoin address and Tor mirror hard. In fact, such details should put somewhere more visible and not hidden at the bottom where one has to scroll a whooping 14 pages down in order to see the bottom. It should be around 2 pages maximum.
DDoS protection serviceThe service uses DDoS Guard to protect itself against DDoS attacks, which can turn out to be a loophole in the future for a service that promises its customers ultimate privacy. With the dangers DDoS Guard could pose, I think you should look for alternative ways. Better safe than sorry.
Support for different languagesThe support for other available languages is pretty good, except for the Terms and Privacy. Whenever I clicked on the terms and privacy while in using another language like Russian or French, the page would automatically revert to the homepage in English. A customer need to clearly understand the terms before they use the service, so how is a Chinese supposed to understand English?
Terms and PrivacyI noticed something rather peculiar about your terms
Any use of "The Service" in violation of local law is strictly prohibited.
The prohibited activities in this section include, but are not limited to, the following prohibited activities:
- ammunition, firearms, explosives (including fireworks), or "The Service"apons subject to applicable law;
- sales of drugs, research chemicals, or other controlled substances;
- transactions in which third party personal data is disclosed in violation of applicable law;
- infringes or violates intellectual property rights such as trademarks, copyrights, patents, trade secrets;
- providing debt settlement service or credit repair;
- transactions that help Ponzi, pyramid, or other get-rich-quick schemes;
- money laundering or assistance;
- obvious sexual content.
How are you going to determine where the transactions come from? Are you going to involve KYC? Chainalysis? Of course the question is rhetorical, but you get my point.
COIN FILTERING
"The Service" may carry out verification and control of illegal activities with the help of a third party under a contract. "The Service" may terminate Your access to "The Service" with immediate effect for any reason - including, but not limited to, illegal or prohibited activities, at its sole discretion, and is not obligated to reveal the details of its decision.
You accept that "The Service's" decision to take certain actions, including termination for any reason at its sole discretion, may be based on confidentiality criteria that are necessary for "The Service's" security protocols and risk management. You accept "The Service" is not obligated to reveal to you the particularities of its security and risk management processes.
This feels discomforting, especially coming from a coin mixer that promises absolute anonymity.
COUNTRY OF RESIDENCE
If You are a resident of the CAR and would like to use [banned mixer], please inform in advance via the Support Service on the website.
Why?
Mixing ProcessThe mixing page is simplified with pop up definitions or descriptions of each component. The anonymizing meter and fee calculator are a great addition, however the Transaction fee for each receiving Bitcoin address seems to be a little too high.
I noticed that the Bitcoin transaction fees for the transactions to the target are over paid almost all the time
Here are the transaction fees to my target address after the second mixing session today
How about you make that fee dynamic based on the state of the mempool. Let the fee estimator look like that of some popular wallets out there, such as electrum.
I intentionally repeated one of the addresses when entering them on the order details page and on trying to proceed, the continue button was grayed out.
To make it easier for the user to figure out what the problem could be, there should be a small note below the repeated address space.
On the next page, which is one for Order Overview, The letter of guarantee downloaded checks out and can be fully verified. Bitcoin.com is anti Bitcoin and not the Best Bitcoin signature verifier out there. Please suggest something better like Electrum wallet, Sparrow wallet etc
When mixing using the different languages available, I noticed that the Letter of Guarantee is still signed in English.
How about you take it a step further ahead of your competition by providing letters of guarantee depending on the language set by the user when trying to mix.
I mixed two times, but let just point out the results of my second time of mixing. The time range was low, but I was disappointed on how the mixer used change addresses to fund both my target addresses
These were my target addresses.
1. bc1q660842ggcj3gtn20px09u3vxr584gj9h98n68j
2. bc1qltlptzcnvh8apnspue0a7w7hd7p8sa7u424vgl
Notice how the previous change address is used to fund my next address. If I had used 10 addresses, I guess the same thing would have happened. I have no good knowledge of some visualization tools, but this would be a piece of pie for the deanonymization experts.
I also intentionally left the order page time to run out past 24 hours, and nothing else changed apart from the timer.
Once the 24 hours have passed, this order page should expire or the deposit address should be hidden if it has not received any deposit with instructions to the user to start the mixing process afresh
Refreshing it bring this error message, which is persistent. Please fix
Support/Communications channelsThe support option is integrated within the site, which could be disadvantageous to customers in case the website goes offline. They will be no way customers can get in touch with you, so you could also include an email option, maybe ProtonMail
Twitter is not necessary, maybe a social network that is more into privacy.
ConclusionThe whole mixing process was smooth and with improvements on the service, it will be an anonymizing service worth paying for. I am not really satisfied with how the coins are mixed and can easily help the Chainalysis experts or services connect the dots without much effort.