Alright, finally got this done!
https://doublemixer.github.iohttp://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/
Live with double mixing. Please let me know how it works out for you. Obviously, please audit the code, make sure you don't send too much or too little (read the minimums/maximums in the guarantees), validate the signatures, etc.
Thanks for BitMix and for Foxmixer for both enabling CORS headers to make this possible.
If you connect to the .onion, the upstream mixer's .onions will be used for connecting to their API. If you use clearnet, that's obviously not the case.
Lastly, one major update on doublemixer-python. It now uses a local Tor SOCKS proxy and the corresponding Hidden Services by default.
This is not just a good strategy to reduce the chances of using a mixer that might be a bad actor, it is also a good strategy to reduce the chances that a single mixer service might have an exploit that are being tapped by authorities and that this mixer services are not even aware of the exploit.
I use the mixer service in my signature, because I have been using it for years without any problems and when I want to shift funds between my wallets and I want to obscure the link between them, then I use more than one mixer service.
Or what about this, use JoinMarket, Wasabi, and Samourai/Whirpool altogether to make sure of a good mix. No need to surrender custody of your coins.
Totally agree with you, that could be a much better solution. This is more of a quick-and-dirty setup. What is nice is that it's much simpler technically and maybe less wrong to go that way, but still lots of trust required since you need to trust both mixers at least not eat your coins.
