AdolfinWolf
Legendary
Offline
Activity: 1946
Merit: 1427
|
|
July 29, 2020, 04:07:47 PM |
|
so therotically, the funds from the key which iv'e exported in my wallet and then sent to bitpay are still vulnerable, cause if an third party ( like chipmixer ) still knows these keys ?
No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer. If you're talking about the remainder (the "change"), depending on your wallet software it could be that it's sent to a change address belonging to your original keypool, or it might've not used any change addresses and instead has sent the coins back to the same address, for which the private key is known by chipmixer. As general advice: If you're not planning on immediately spending the keys you received from chipmixer, it's usually a smart idea to send them over to a private key you generated yourself.
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
moejoejay
Member
Offline
Activity: 138
Merit: 20
|
|
July 29, 2020, 07:39:14 PM |
|
No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.
so the key is the same but the owner changes ? send them over to a private key you generated yourself. this is the sweeping feature or? best regards
|
|
|
|
AdolfinWolf
Legendary
Offline
Activity: 1946
Merit: 1427
|
|
July 29, 2020, 07:56:22 PM |
|
No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.
so the key is the same but the owner changes ? If you're talking about the private keys you receive from Chipmixer, yes that is the case. If you're talking about normal bitcoin transactions; no. a different private key will hold the outputs (as otherwise it wouldn't be trustless..) send them over to a private key you generated yourself. this is the sweeping feature or? best regards I think this is what most people understand under "sweeping", correct (?).
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
July 29, 2020, 10:16:01 PM |
|
No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer. so the key is the same but the owner changes ? No. As explained, if you send the bitcoins to Bitpay, once the transaction is confirmed, they will be assigned to the Bitpay Address (which will have a completely different private key to the one you received from ChipMixer. If there is any change from that transaction... ie. you withdrew a 0.1 BTC "chip" and only sent 0.08 BTC to Bitpay... then what happens with the 0.02 BTC change depends on what wallet you used to setup the transaction and/or how that wallet is setup to handle change. If the wallet creates a "new" change address, then the coins are now assigned to a new address (with a new private that neither Bitpay nor ChipMixer have any control over... only your wallet will have the private key. Transaction will look something like this: 0.1 BTC 1ChipMixerAddress -|-> 0.08 1BitPayAddress |-> 0.02 1YourNewAddress <-- Only you have access to this
If the wallet does not create a change address, but sends the coins back to the original address created by ChipMixer, then you and ChipMixer still have access to the coins. Transaction will look like this: 0.1 BTC 1ChipMixerAddress -|-> 0.08 1BitPayAddress |-> 0.02 1ChipMixerAddress <-- Both you AND ChipMixer have the private key for this
|
|
|
|
ChipMixer (OP)
|
|
July 29, 2020, 11:56:50 PM |
|
So there is no possibility to make an (rpc) call or sth like that to destroy the specified client-side cookie also ?
or does this undermine privacy ? if so may it makes sense to put an hint to the side on step 4.
Client-side cookie can be destroyed by server with http header and it will be changed to do so. It does not require Javascript or user action. It will increase privacy. If I Destroy my session, then restore that session in another browser, I get the same deposit address. Is that the intended behaviour?
If you destroy the session (at step 4 you confirm you want to destroy it) - it is impossible to get same deposit address when you restore session with session token. You will get new session with same token but different deposit address and no history. If that is not true - please send us more info by email.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
July 30, 2020, 01:26:49 AM |
|
@jackg:
i think the tor browser blocks all java ( thats also the reason for that the faq site doesn't working properly anymore)
may just a design for the faq site without folded out parts is an better privacy oriented option.
No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor. I'm not sure on running a js app from a your own machine either in tor - I thought that was allowed as there are no outward connections.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16548
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 30, 2020, 07:06:18 AM |
|
If I Destroy my session, then restore that session in another browser, I get the same deposit address. Is that the intended behaviour? If you destroy the session (at step 4 you confirm you want to destroy it) - it is impossible to get same deposit address when you restore session with session token. You will get new session with same token but different deposit address and no history. If that is not true - please send us more info by email. I can't reproduce it anymore, so all good.
|
|
|
|
moejoejay
Member
Offline
Activity: 138
Merit: 20
|
|
July 30, 2020, 09:10:24 AM |
|
@chipmixer: You will get new session with same token Whats the reason to hold the same token after destroy the session. It does not require Javascript or user action Ok but if i try to read the faq over tor it doesn't work cause the side elements for expand the Answers seems to embedded with java code. best regards
|
|
|
|
moejoejay
Member
Offline
Activity: 138
Merit: 20
|
|
July 30, 2020, 10:20:41 AM |
|
@jackg: No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor. i think thats not really practicable for an normal user to hit f12 to solve an problem. @jackg: @hcp: Not its getting complicated , at least for me and my limited knowledge about how the bitcoin network is working under the surface. neverthless i'm trying to understand and thanks for guidance. how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum ) what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ? best regards
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
July 30, 2020, 03:18:28 PM |
|
@jackg: No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor. i think thats not really practicable for an normal user to hit f12 to solve an problem. @jackg: @hcp: Not its getting complicated , at least for me and my limited knowledge about how the bitcoin network is working under the surface. neverthless i'm trying to understand and thanks for guidance. how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum ) what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ? best regards Yeah it's not within the scope for a normal user, might have been better to say site settings are normally findable from where you can hit the padlock and hit settings or options to delete data. If you sweep using electrum with the addresses individually then you'll be sending funds individually. If you just import the private keys to a new wallet, you'll have to get a receive address and click each you're trying to spend in turn, right click and press spend from for each... A new return address should be generated each time you send a new transaction but memorising the last 3 characters for example or even the last one shouldn't hurt too much.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
July 30, 2020, 10:33:51 PM |
|
how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum )
You can view the transaction created in Electrum... "receive" addresses within your wallet will be highlighted green... "change" addresses will be highlighted in yellow. If you see an "output" that is green, it is most likely being recycled back into the original receive address. This generally happens if you create a wallet in Electrum that only has imported private keys (in the title bar at the top, it should say [imported]), because Electrum cannot generate new private keys/addresses automatically for this type of wallet... it will only ever have the private keys that you have manually imported. If you have a "standard" wallet... Electrum will generally automatically generate new change addresses as required. However, this wallet type will not let you import private keys, you can only "sweep" them. what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ? You don't sweep imported keys... you either sweep the keys, which sends funds from those address(es) to a new address(es)... or you import the keys and the funds stay on the original key(s)/address(es) until spent... So, which one are you doing?
|
|
|
|
ranchoodas
Newbie
Offline
Activity: 3
Merit: 0
|
|
July 31, 2020, 01:44:41 AM |
|
Attention:At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/ I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem.
|
|
|
|
moejoejay
Member
Offline
Activity: 138
Merit: 20
|
|
July 31, 2020, 11:14:10 AM Last edit: July 31, 2020, 11:24:13 AM by moejoejay |
|
So, which one are you doing? Huh U right ive point this out in an wrong way i dont mean the keys import or sweeping i mean after the import of the keys. for ex. when i need it on an other wallet to gather funds, then should i sweep or to just send the keys to the other wallet just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer. best regards
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16548
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 31, 2020, 11:35:07 AM |
|
I need help regarding with my session. It's best to email chipmixer@protonmail.com (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website). for ex. when i need it on an other wallet to gather funds, then should i sweep or to just send the keys to the other wallet
just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer. Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
July 31, 2020, 11:46:20 AM |
|
U right ive point this out in an wrong way i dont mean the keys import or sweeping i mean after the import of the keys.
for ex. when i need it on an other wallet to gather funds, then should i sweep or to just send the keys to the other wallet just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.
If you have already imported the keys into an Electrum wallet and you want to move the funds to another wallet... just send them in a transaction as you normally would any other transaction. Although, you might want to consider using the "spend from" option in Electrum, so that you avoid accidentally linking UTXOs back together by including them all as inputs to the same transaction. Also, it would be a go idea to avoid sending all the funds to the same address... as again, that creates a link between them all. This is effectively the same thing as "sweeping"... all sweeping does is "simplify" the process for you and means you don't need to import any keys. Instead, it will take a private key (or keys) and then create a transaction that sends all available UTXOs controlled by those keys to an address of your choosing. Probably not ideal, as you can only specify ONE destination address when sweeping, and that will relink all the UTXOs back together again (unless you sweep each key individually). So, your options are: 1. Import ChipMixer keys, then create transaction to send coins to other wallet (new keys) or 2. Sweep ChipMixer keys directly into other wallet (new keys) or 3. Do neither and leave the coins on the ChipMixer keys until you need to spend them Neither importing nor sweeping is any more "private" than the other if you need to move the coins to another one of your wallets... they will both end up creating transactions that take coins from the ChipMixer addresses and send them to your addresses... and in both situations you need to take steps to prevent them all being relinked. Leaving the coins on the ChipMixer keys until you wish to send them to someone else is probably better for privacy... but security wise is not great because ChipMixer have knowledge of the private keys and you have to trust them not to steal them (or leak the keys). So, in this case, it's a trade-off between privacy and security. Which option is better for your particular use-case is only really something that you can determine.
|
|
|
|
ranchoodas
Newbie
Offline
Activity: 3
Merit: 0
|
|
July 31, 2020, 02:32:48 PM |
|
I need help regarding with my session. It's best to email chipmixer@protonmail.com (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website). for ex. when i need it on an other wallet to gather funds, then should i sweep or to just send the keys to the other wallet
just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer. Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them. I'm pretty sure I was in the right website , I was just confused why the receiving bitcoin address changed while the session token was just the same. Now I don't have access to the address I used. Hopefully the admin can help me out.
|
|
|
|
ChipMixer (OP)
|
|
July 31, 2020, 10:02:48 PM |
|
Attention:At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/ I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem. ChipMixer deposit address never change for active session. If it changed - you have accessed website without encryption and Tor exit node used their own address instead of ours. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/
|
|
|
|
ranchoodas
Newbie
Offline
Activity: 3
Merit: 0
|
|
July 31, 2020, 10:22:35 PM |
|
Attention:At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/ I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem. ChipMixer deposit address never change for active session. If it changed - you have accessed website without encryption and Tor exit node used their own address instead of ours. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
July 31, 2020, 10:35:14 PM |
|
So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
Yes because they're using let's encrypt to generate the certificate so they don't have to kyc with anyone. But it also means the attacker can do the same and just push connections through to them via a non ssl protocol (http).
|
|
|
|
moejoejay
Member
Offline
Activity: 138
Merit: 20
|
|
August 01, 2020, 02:57:56 PM |
|
So like even if you're typing chipmixer.com in TOR it's still considered unsecure? dont use clearnet adresses in TOR generally it undermines the privacy principle and may trace u easier in some cases. best regards
|
|
|
|
|