Bitcoin Forum
June 15, 2024, 10:41:38 AM *
News: Voting for pizza day contest
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Economy / Service Announcements / Re: [BETA] blindmixer.com - Next-gen mixer | Chaumian Bank | Lightning | Blinded-Sig on: April 28, 2023, 12:17:29 PM
BE AWARE OF THIS SERVICE - BE AWARE OF THIS SERVICE - BE AWARE OF THIS SERVICE
Quote from: blindmixer on April 22, 2023, 12:37:34 PM
Dear everyone (...)

Why don't you answer my E-Mails since weeks?

I am waiting now for weeks for my money. The service said the transaction was sent but in fact it was not and my money just got detucted.

See the screenshot:


Now check my transaction:
https://blockstream.info/tx/616ddbbf339f8e3572cb847aa5f124d9f6d93a82b93d675a135efeb27b9487bd

It wasn't ever broadcasted to the network!
Even when i see the api calls in the background I see it is not existing.



I also reversed other requests in background: All incoming and outgoing transactions are transferred without any extra encryption directly through cloudflare... So if cloudflare would record all the traffic it would be very easy to trace back all transactions.
See how it works on my outgoing, non-existing transaction:


Thats the same way how incoming transactions are checked... Just using another subdomain... "very secure"
Maybe when using TOR those two subdomains are connected to using different ips but was far as I have seen for now its not like the service is used by hundreds of people at the same time, so because of this and using other header parameters by the browser i am sure it would be possible for a child to figure out which request and wallet belongs to who. In my opinion this is not acceptable.

Because of it the mixer is not that blind as you describe. You could also easy track it back by headers and time. To make the whole thing make a sense you should encrypt the data in the browser somehow using keys only your server and the client nows.
And the whole "blind" thing can't work ever in my opion. Because your server always will know incoming and outgoing transactions to validate. So why don't focus on better mixing? I see people here and also I experienced receiving my coins back. Who needs a mixer where this happens?

I really like the idea of the service, but for the rest it is not usable for production.
There is a lot work to do in improving privacy and you should make the raw transaction code viewable for the sender, so when your node fails to broadcast they can do it manually.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!