Which is just as equally bullshit. Banks not only "knowingly allow" money laundering, but indeed actively assist and perform money laundering, and make huge profits from doing so. Open source code developers get arrested, where as these fiat banks get a slap on the wrist and a fine which equates to a tiny fraction of the profits they make from laundering said money, and is less than a single day of their profits.

$7 billion is absolutely nothing. Danske bank laundered $230 billion in Estonia. Wachovia bank laundered $390 billion for drug cartels. Standard Chartered laundered $265 billion for Iran. Fiat banks collectively launder trillions of dollars. Has a single bank CEO been arrested?

Don't be fooled for a second in to thinking this is anything other than the government trying to control you. The government are absolutely fine with trillions of dollars being laundered when it's their buddies in the fiat system who are doing it. But they will use any excuse to crack down on tools and services which prevent them from spying on and controlling their populace.

Yes, but not random people on the street. There is also a big difference between showing your drivers license to a single officer who pulls you over, and scanning it in to electronic send it with unknown security to an unknown third party for unknown storage and unknown distribution.

As you say, banks request to see these documents for proof of ID and to open accounts, loans, credit cards, etc. Given that, then you can clearly see why letting random strangers have access to these documents poses a massive financial risk.

This is simply incorrect. In the US alone, identity theft affects ~40 million individuals each year and costs those individuals upwards of $50 billion:

https://javelinstrategy.com/2022-Identity-fraud-scams-report
https://javelinstrategy.com/research/2023-identity-fraud-study-butterfly-effect

Once someone has your identity, they can take out loans in your name, open credit cards in your name, use your insurance to rack up enormous bills, commit tax fraud in your name, and more.

What? In what country do you live that individuals' personal ID cards and passports are public information that anyone can look up?

You can hide any scripts which allow an output to be spent, but you cannot hide the public key. As I've said in an earlier post in this thread, a taproot address is simply the tweaked public key in a different encoding.

The whitepaper says keys should be used once only for privacy reasons, not for security reasons.

A quantum computer which takes a year to solve an ECDLP will then be able to take the coins from a single address after one year, not from every vulnerable address.

There are hundreds of reasons your public keys will be exposed. Transactions, signing messages, BIP32, sharing xpubs, light wallets, address reuse, multi-sig or other scripts, the list goes on. No wallet or piece of software handles your public keys as if they are secret information. They are meant to be public, and the security of your coins does not rely on them not being so.

Encryption attracts criminals since they can hide their communications. That doesn't mean the government should be able to read all your emails and private messages. The internet attracts scammers since they can use it to target their victims. That doesn't mean we should ban the internet. What about phones? Scammers use phones all the time! Better ban those too!

Making such things illegal or attempting to shut them down does not stop scammers or other criminals from using them, it only criminalizes the average Joe who uses them just because he doesn't want his government spying on his entire life. Not to mention that all the evidence we have shows that a tiny portion of coins being mixed are linked to illegal activity, just as a tiny portion of all internet traffic is linked to illegal activity.

Stop acquiescing to your government's ever more ridiculous demands. When it comes to bitcoin - refuse to be spied on. Refuse to complete KYC. Refuse to let them monitor all your activities via centralized exchanges. Run your own node. Trade peer to peer. Mix/coinjoin freely. Spend bitcoin directly with appropriate merchants. Opt out of their global surveillance. Encourage others to do the same.

You can't, if you've followed the instructions correctly.

On Windows, click Wallet -> Information. The window which pops up will have a box titled "Master Public Key" at the bottom. Within will be a master public key starting with "zpub" (or maybe "xpub" or "ypub", depending on the specifics of your wallet). Use that key (and only that key) to create your watch only wallet on Android.

If you've done this, you cannot spend from your Android wallet. It will let you enter an address, enter an amount, set a fee, and actually create a transaction, but it will be unable to sign or broadcast that transaction. Instead, it will tell you to present that transaction to the "signing device". If you don't do that, then the transaction cannot be signed and your coins cannot be spent.

Is everyone who uses a centralized exchange gullible and greedy? Maybe you can argue such people are gullible, when they believe that the centralized exchange will keep their data safe, or keep their documents secure, or cares even the slightest about what happens to your KYC information. Every centralized exchange out there has leaked KYC data one way or another, whether it was a hack, sharing it with shady third parties, or even just selling it outright.

You always have a choice. You can choose not to trade that shitcoin or choose not to use that service. That's what I do, and I get by just fine.

Once your KYC data has been leaked, it is almost trivial for a scammer to perform a SIM swap attack and take control of your phone number.

Yes. Each output is on its own address and addresses are never reused.

Yes, although if you wanted to cycle 0.5 BTC, then the 0.05 pool would probably be a better choice.

I already made that point above. A number of simple "hops", with one input and one or two outputs is absolutely trivial to trace, and achieves literally nothing against blockchain analysis companies. And transaction with 1-2 sats/vbyte in fees aren't even being relayed at the moment, let alone confirmed.

Yes. Lots of people call the most chainwork "longest", just as lots of people call stale blocks "orphans". Such terms are incorrect, though.

Satoshi uses the term "longest chain" in the whitepaper because when bitcoin first launched, it was indeed the longest chain which was taken as the main chain. Satoshi did not foresee the possible attack where a malicious miner could mine a much longer alternate chain by manipulating the timestamps of their blocks to artificially drop the difficulty to 1 and then churn out blocks as quickly as one a second.

This was changed in version 0.3.3, where height was replaced for chainwork when deciding the main chain: https://github.com/bitcoin/bitcoin/commit/40cd0369419323f8d7385950e20342e998c994e1#diff-623e3fd6da1a45222eeec71496747b31R420

Even that is not proof. "I sold an old laptop to my friend. He wanted to pay me in bitcoin, so I gave him my deposit address for my Coinbase/Binance/whatever account. He paid the coins directly from the mixer to my account."

The bottom line is that as soon as a transaction has happened, you cannot say the bitcoin haven't changed hands. As soon as a transaction has more than 1 input and 1 output, you cannot say which bitcoin ended up where - indeed, "which" bitcoin is a concept which doesn't actually exist. The very concept of taint is provably nonsense. It is a triumph of blockchain analysis companies that they have convinced governments to force centralized exchanges to pay them hefty fees to peddle this nonsense.

You can leave your coins in Whirlpool for as long as you like, and they will continue to get free remixes. You can spend individual outputs as and when you need to. If I had ten outputs of 0.01 BTC being coinjoined, for example, I can easily spend one of those right now and leave the other nine in Whirlpool to continue to be mixed.

I was about to point out the same thing.

Where did you get those graphics from? They correctly states that the chain with the most (valid) work is the main chain in one panel, but incorrectly call it the "longest chain rule", and then in two other panels incorrectly refers to chain length again, rather than the accumulated work.

The average amount of KYC information you have to hand over to a centralized exchange is more than enough for an attacker to commit identity theft and gain access to your fiat accounts. And given that every major exchange has suffered, and continues to suffer, data hacks/leaks/breaches or even just outright sells your data, then anyone who has completed KYC is at risk.

Plenty of software out there, even free software, which can change your face in real time: https://www.latimes.com/business/technology/story/2023-05-11/realtime-ai-deepfakes-how-to-protect-yourself

I think the real question which no one has asked is: Why?

I think this every time we see some new method for generating a seed phrase or backing them up. From combining email addresses, passwords and nonces to generate your entropy, to backing up your seed phrase as colors or even emojis. Why?

None of these harebrained schemes that people come up with will be better than the standardized processes we already have in place. You'll either be decreasing your security and making your coins easier to hack, or you'll be increasing the difficulty of recovering from your back up and put yourself at risk of locking yourself out of your wallet.

If you want to do this because you don't trust dev/urandom, then you should use a physical process such as unbiased coin flips to generate your entropy (and also get a new OS). If you want to do this because you are going to save your 12 characters in a password manager or try to remember them, then you vastly increase the risk of theft or loss compared to writing down a seed phrase. I can't think of any other reason you would want to do this.

That's correct, although the set of basic printable ASCII characters is 95, rather than 94. You've probably missed out "space". Although you could obviously massively increase you character set by using UTF-8 or similar.

Any exchange is more than capable of looking back a few transactions to see where the coins have come from. A far better option is to stop using centralized exchanges which attack the very essence of bitcoin by treating it as non-fungible, and will spy on you and censor you if they don't like what they find.

There are now plenty of decentralized exchanges, marketplaces, merchants, services, and so forth, out there which do not spy on you and do not promote the provable nonsense that some coins are "tainted". Use them instead, and stop worrying about whether some faceless third party thinks your coins are naughty.

I am of the opinion that modern smartphones can never be reliably airgapped. You are taking a device whose sole purpose is to communicate in as many ways as possible and trying to stop every single one of those processes. A simple software switch - turn off WiFi, turn off Bluetooth, turn off NFC, turn on airplane mode, etc. - will never be as reliable as a proper hardware airgap which you can achieve on a laptop or computer by physically removing the modules in question. And we also know the NSA are still able to track phones with location turned off and airplane mode turned on, so they must still be transmitting some data. Which leads to the point - how do you verify your phone is not still transmitting information? How can the average person verify that the WiFi really is off, that the location data really is off, and so on? You can't.

And that's all without touching on the fact that the physical security of a phone is inferior to the physical security of a proper hardware wallet.

If you want a pocket size airgapped device, then buy an open source airgapped hardware wallet such as a Passport. A phone is a very poor alternative.

Although you can run Whirlpool without a full node, it's not recommended. Any time you are not connected to your own full node, you are sharing data with a third party. Anyone who is in any way serious about their privacy should be running their own node already.

Just spotted the mistake in the name of the website. It should be samouraiwallet.com, not samurai.com.

That seems completely fair. That is a simple statement of fact which any serious user would want to know.

No, not at all.

You can close down Sparrow at any point during the process, and it will pick up where it left off whenever you open it again. For example, once you select coins in the "Deposit" account to coinjoin and have broadcast the initial Tx0, you can shut down Sparrow while you wait for it to confirm if you want. When you come back, you'll have your outputs in the "Premix" account ready to be coinjoined. These will automatically be enrolled in to different coinjoins over the next few minutes, depending on the available liquidity from other users. If you shut down Sparrow, then any which have not yet had that first coinjoin will simply be enrolled when you next open it. Once an output has had its first coinjoin, it will move to the "Postmix"  account. At this point it will be enrolled in to free remixes whenever Sparrow is open, as I explained above.

There is even a button at the bottom of the Whirlpool accounts to start and stop the process as you please, so you can have Sparrow open but not mixing if you want.

Being enrolled in to free remixes is essentially a random lottery between all the liquidity in the pool. Each Samourai or Sparrow wallet will have a maximum of one output of each size chosen at random be eligible for a free remix (so you will never remix with yourself). The frequency at which free remixes happen is obviously dependent on the frequency of new liquidity entering the pool. Given all this, then the higher uptime you have on your wallet then the faster you will get free remixes, but as explained, you are free to shutdown Sparrow, even for months at a time, and then open it back up again and continue where you left off.

Here's a link to get you started: https://sparrowwallet.com/docs/mixing-whirlpool.html#mixing-with-sparrow-terminal

Note that you don't have to leave Sparrow open all the time when your coins are in Whirlpool. While Sparrow is open, your coins are available for free remixes. When you shut down Sparrow, they are not. When you open Sparrow again, it will pick right back up from where you were and they are once again made available for free remixes.

If you have a separate device already running your node, then loading Sparrow on to that would be ideal because it will be connected 24/7. But if you can't do that, then simply having Sparrow open whenever you are using your computer will still get you free remixes, just not as quickly as if it was running 24/7.

And of course make sure you are connecting to the coordinator through Tor!

You'll want to spend those coins at some point though, no? If you are using Sparrow anyway, then why not just fire those coins in to Whirlpool? You can ignore them for months or even years if you want and get 100s of free remixes. Good luck to anyone trying to trace them through that. Or as I mentioned above, if they are going to stay untouched then just sell them for fiat and then use that fiat somewhere else to buy back non-KYCed coins.

The most important thing for you going forward then will be to ensure permanent separation of any unmixed KYC coins and your non-KYC coins, and make sure never to send coins directly between your two wallets.

For the bitcoin seller, you can do cash via mail to anonymous PO box, to a pseudonym, to a drop off address or location, or to poste restante.

For cash in person, it is trivially easy to hide your face since COVID, and no one looks twice at anyone covering most of their face with a mask. Add in a hat or something with a hood, and you can easily be unidentifiable.

For giftcards, you can easily receive a giftcard to a burner email address, and then credit it to an online account before releasing the bitcoin.

It depends on how you interact with your KYC wallet.

If you view the balance of that wallet via anything other than your own full node, then whichever third party node(s) or server(s) you are connecting to will be able to see all the addresses in the wallet and link them together under a common owner. If you have KYCed coins in address A, and you then send some of your non KYCed coins to address B, the third parties can link those together. They could then look to see where the address B coins from, and potentially infer that you own that wallet as well.

If you want to move any coins between KYCed and non-KYCed wallets, they should be coinjoined first, otherwise you establish a link between your two wallets.