agreen99
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 11, 2019, 06:13:56 PM |
|
Am I the only one who noticed that their website is down for 2 days now?
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
September 11, 2019, 11:53:04 PM Last edit: September 12, 2019, 12:26:49 AM by malevolent |
|
No, Intel SGX provides something called "remote attestation" which you can think of Intel signing a message saying "This specific program, generated this specific value when run in a secure enclave". So if that program (which you verify matches, and doesn't log) generated a public key. You know you can now communicate with that program in a way no one else can intercept the messages.
The two immediately obvious pitfalls:
a) Intel could potentially be compelled into signing a false-attestation. b) There's security vulnerabilities in SGX which nullify their guarantees (which has happened several times before).
Either way though, Intel has probably invested billions (?) into their secure computing so they would be extremely unhappy to see their guarantees fail in the wild. Is it possible to avoid using Intel's Attestation Service? (since that requires registering with Intel and so on as far as I understand how it works.)
Am I the only one who noticed that their website is down for 2 days now? I don't know if it's 2 days already (last time I checked the website was a couple days ago), but at least for the past several hours both their regular and the .onion site have been down for some reason. If it's actually been down for 2 days, then that doesn't sound good, as ChipMixer hasn't posted any info, nor has he logged into his account in the past 24h.
|
Signature space available for rent.
|
|
|
RHavar
Legendary
Offline
Activity: 1463
Merit: 1886
|
|
September 12, 2019, 02:59:22 AM |
|
Is it possible to avoid using Intel's Attestation Service? (since that requires registering with Intel and so on as far as I understand how it works.)
I think you really need that remote attestation to make it useful. I'm not sure, but I suspect AMD/ARM probably have similar things, but not sure about the process. For Intels you need to register, but I don't think that's an issue (and it's free) If it's actually been down for 2 days, then that doesn't sound good, as ChipMixer hasn't posted any info, nor has he logged into his account in the past 24h.
Actually seems up for me, just supppppper slow. So probably a big long-lasting DDoS (ugh, fuck the internet )
|
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
|
|
|
btctaipei
Member
Offline
Activity: 141
Merit: 62
|
|
September 12, 2019, 05:47:13 AM Last edit: September 12, 2019, 06:08:09 AM by btctaipei |
|
Am I the only one who noticed that their website is down for 2 days now?
Site not down but not usable at the moment. Here is my unbiased analysis to current chipmixer's situation (time will tell if this is true): 1) Attack against Chipmixer isn't all that volumetrically significant. 2) Chipmixer had been watched and targeted by state level adversaries with assistance by deep state and related big data entities can do mass surveillance on hosting providers /CDN entites with AWS/Google/Cloudflare user data exfiltration to facilitate necessary traffic and data correlation attack. 3) major transit providers to datacenter hosting clear web probably now had span port enabled for quite site time on their switch to log, spoof and identify the .onion site's origin. This isn't likely to change. 4a) DDoS is necessary to attempt to trick browser to leak information related to chipmixer session key over TLS/SSL (that can be restored / steal privatekey and chips) but since chipmixer uses minimal .js was the likelihood of success in this side-channel SSL content scrubbing trick isn't all that great. 4b) sustained DDoS would be necessary since it would compel site under DDoS (unfortunately for the adversaries Chipmixer isn't clueless) to reconsider use DDoS CDN services like Cloudflare. 4c) Once Cloudflare or similar CDN is used, all chips, sessions, and private keys can be monitored and logged by deep state, since now the privatekey is available for the SSL Cert (on *.cloudflare domains) used to serve up and fetch content proxy to chipmixer web site. This is done with special SSL pinning appliance with cloudflare's private key tapping (span) Chipmixer scrubbed/clear traffic channel and exfiltrate IP, User Log (session), and even private key and bitcoin address of all transactions or activities involved. 5) Chipmixer Admin realize the above situation and quietly re-architect the server infrastructure to parallel a dozen of .onion mirror site with different Host/transit ISP to survive similar deep state surveillance attack in the future. How much help Chipmixer from expert in this area forum and resources such as bitcointalk would likely determine how soon site returns to normal service.
|
|
|
|
agreen99
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 13, 2019, 10:35:27 AM |
|
I studies Law and even worked for Law Enforcement. LA will never do something like that. Illegal obtained proofs can not eve be used in court + they can't break the law as they want. we are not even allowed to use hacking software/guess somebody password without a warrant. if we wanted to get somebodies account details we had to obtain a warrant. (for facebook , for google/yahoo it was more 1000 times more complicated, he had to use an international mechanism - call our ministry to ask a prosecutor from US to call a judge from US to give us an order.).
|
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2310
Merit: 4492
Join the world-leading crypto sportsbook NOW!
|
|
September 13, 2019, 03:45:16 PM |
|
Espionage isn't subject to the same restrictions as domestic law enforcement. A bitcoin obfuscator that's actually a NSA honeypot wouldn't be able to be used as evidence against a domestic tax cheat because of anti-entrapment laws. But if they're tracking an international drug cartel or a terrorist cell (domestic or not) those anit-entrapment laws are not applicable.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
September 13, 2019, 05:20:17 PM Last edit: September 13, 2019, 06:43:55 PM by malevolent |
|
I studies Law and even worked for Law Enforcement. LA will never do something like that. Illegal obtained proofs can not eve be used in court + they can't break the law as they want. we are not even allowed to use hacking software/guess somebody password without a warrant. if we wanted to get somebodies account details we had to obtain a warrant. (for facebook , for google/yahoo it was more 1000 times more complicated, he had to use an international mechanism - call our ministry to ask a prosecutor from US to call a judge from US to give us an order.).
It might be illegal in your country, but legal in another country. Parallel construction may also be used and you won't even know if any laws were broken when gathering the evidence.
BTW, I can load the clearnet website only with a VPN but it loads immediately, the .onion site works without any issues.
|
Signature space available for rent.
|
|
|
RHavar
Legendary
Offline
Activity: 1463
Merit: 1886
|
|
September 13, 2019, 06:30:05 PM |
|
A bitcoin obfuscator that's actually a NSA honeypot wouldn't be able to be used as evidence against a domestic tax cheat because of anti-entrapment laws.
That's absolutely not how entrapment laws works or are intended to work. Firstly (although the specifics vary per country) you almost universally you have to demonstrate you would not normally have done the crime if it wasn't for the persuasion or trickery of the police. No joke, the police have quite literally operated a child-pornography site as a honeypot and without extenuating circumstances entrapment is simply not a defense. But more importantly, if it was a honeypot it would be used for evidence gathering, rather than charging you with a crime per se.
|
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
September 13, 2019, 09:31:52 PM |
|
The devil is in the details, the differences between different jurisdictions are considerable enough that what in one country will be a legal sting, in another will be an illegal entrapment, or looked at as manufacturing criminals.
|
Signature space available for rent.
|
|
|
agreen99
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 14, 2019, 07:16:20 AM |
|
Now everybody who haven't managed to withdraw their coins, will loose them! for ever! as the sessions expires in 7 days.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17494
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
September 14, 2019, 08:31:39 AM |
|
Now everybody who haven't managed to withdraw their coins, will loose them! for ever! as the sessions expires in 7 days.
I'm think this applies again: Our Tor service is under DOS attack. We are working to resolve this issue. All existing sessions will be extended for another 7 days.
|
|
|
|
btctaipei
Member
Offline
Activity: 141
Merit: 62
|
|
September 14, 2019, 06:49:46 PM Last edit: September 14, 2019, 08:23:23 PM by btctaipei |
|
Now everybody who haven't managed to withdraw their coins, will loose them! for ever! as the sessions expires in 7 days.
it does appear that chipmixer.com over clear net having reachability issues. The .onion over Tor now seems reasonably responsive and after trying multiple mixing sessions no issue were evident. This to exchange voucher and get a list of private key at all for current or previous BTC deposits over http://chipmixerwzxtzbw.onion
|
|
|
|
filipwx
|
|
September 14, 2019, 09:39:42 PM |
|
Now everybody who haven't managed to withdraw their coins, will loose them! for ever! as the sessions expires in 7 days.
it does appear that chipmixer.com over clear net having reachability issues. The .onion over Tor now seems reasonably responsive and after trying multiple mixing sessions no issue were evident. This to exchange voucher and get a list of private key at all for current or previous BTC deposits over http://chipmixerwzxtzbw.onionSo did you manage to get your list of keys? I wonder why there is statement of chipmixer itself.
|
|
|
|
btctaipei
Member
Offline
Activity: 141
Merit: 62
|
|
September 14, 2019, 10:20:45 PM |
|
So did you manage to get your list of keys?
I wonder why there is statement of chipmixer itself.
imported it 100% and moved and combined with dozen of utxo bc1 (bech32) addresses trickle thru multiple lightening channel and doing massive coinjoin createrawtransaction on tor only bitcoincore node for even better privacy. Keep chips size between most common 0.008 - 0.064 btc to make things more difficult for chain analysis. There should be an option to get bech32 privatekeys from chipmixer for privacy and lower fees (some 50%+ fewer satoshi paid when bitcoin network gets congested). This should not be difficult, just need a bit of update with sufficient regression testing on the back office of chipmixing. you can defeat chain analysis with very large pool of private key spread out randomly over period of several month (years in my case) and move it with huge coinjoins to obfusticate those transactions. Affording this, however, to do this it isn't exactly cheap.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2982
Merit: 7398
|
|
September 14, 2019, 10:25:29 PM |
|
Now everybody who haven't managed to withdraw their coins, will loose them! for ever! as the sessions expires in 7 days.
Along with what Loyce said above, keep in mind that you can always send them an email asking them to extend your session.
|
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
September 15, 2019, 09:19:31 AM |
|
There should be an option to get bech32 privatekeys from chipmixer for privacy and lower fees (some 50%+ fewer satoshi paid when bitcoin network gets congested). This should not be difficult, just need a bit of update with sufficient regression testing on the back office of chipmixing.
I don't think it's much of a problem on Chipmixer's end, but more so a problem when it comes to the adoption of bech32 that needs to be more widely deployed. Bitcoin's lowering fees made people pretty comfortable with how the situation is, hence the majority of the clients don't see much need to add it, though I would have preferred them to be more active and give people that option anyway. The trend within crypto seems to be to only act when its needed, and not make sure you're ready to onboard more use beforehand. I personally don't have much of a problem with Chipmixer not offering bech32 support yet. Even the legacy fees aren't usually topping $1 per transaction.
|
|
|
|
AdolfinWolf
Legendary
Offline
Activity: 1946
Merit: 1427
|
|
September 15, 2019, 09:46:06 AM |
|
There should be an option to get bech32 privatekeys from chipmixer for privacy and lower fees (some 50%+ fewer satoshi paid when bitcoin network gets congested). This should not be difficult, just need a bit of update with sufficient regression testing on the back office of chipmixing.
I don't think it's much of a problem on Chipmixer's end, but more so a problem when it comes to the adoption of bech32 that needs to be more widely deployed. Bitcoin's lowering fees made people pretty comfortable with how the situation is, hence the majority of the clients don't see much need to add it, though I would have preferred them to be more active and give people that option anyway. The trend within crypto seems to be to only act when its needed, and not make sure you're ready to onboard more use beforehand. I personally don't have much of a problem with Chipmixer not offering bech32 support yet. Even the legacy fees aren't usually topping $1 per transaction. an upgrade to nested adresses would suffice too. I don't see why not. They're widely, if not everywhere, accepted.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 15, 2019, 11:39:52 AM |
|
an upgrade to nested adresses would suffice too. I don't see why not. They're widely, if not everywhere, accepted.
Nested segwit would be a good upgrade and the only incompatibility issues will be with people running nodes that don't use multisig (which I think was before 2014). I don't think it should be switched to bech32 based on how many people claimed to have "accidentally" hit the "bet" button when there used to be gambling on this site...
|
|
|
|
btctaipei
Member
Offline
Activity: 141
Merit: 62
|
|
September 15, 2019, 01:21:52 PM Last edit: September 15, 2019, 01:33:33 PM by btctaipei |
|
on betting related use case and its privacy implications: ------------------------------------------------------------- aggregated over large number of session with betting activity creates additional entropy source that are non-deterministic and it creates additional hurdle for chain analysis since 1-1 mapping between user's UTXO to mixer and its output is now being tampered with. This occurs because coins input vs output could no longer lostless when traverse thru the mixer.
on bech32 chipmixer blockchain size use reduction and its privacy implication: -------------------------------------------------------------------------------------- For privacy site to scale to 10x of it's current size, the mixing layer could save 100 of MBytes on BTC blockchain over period as a little as a month by the move the mixing operation to off chain transaction with bech32 address over off chain channels such as Lightning Network, CoinSwap, multisignature, etc. This would have significant privacy implications because it would appear indistinguishable from regular single-signature on-chain transaction. Chipmixer can also use a mixture of its own payment channel as well as various other established payment channel to spread with random capacity for each over it's prolonged mixing session to mitigate privacy risks related to advanced off chain analysis adversaries.
|
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
September 15, 2019, 10:45:42 PM |
|
an upgrade to nested adresses would suffice too. I don't see why not. They're widely, if not everywhere, accepted.
Fair enough, but the savings on fees with 3xxx addresses would be just 25ish %, which I don't think will motivate Chipmixer to actually go for it, especially with how the number of daily transactions has been declining in the last couple of months due to Tether's Omni exit. Legacy transactions are getting cheaper to send week after week.
|
|
|
|
|