Hello Privcoin,
I created this account for the sole purpose of posting on the forum for all to view in the future, rather than posting my questions in your support function. I'm apprehensive about a few points and I'd love for you to clarify for me and the rest of us who may be wondering.
Finally, can you tell us anything about how your service is hosted? I'm confused as to how you have a clearnet detached from the onion.
- Does this mean your clearnet has absolutely no link to your onion?
- Different hosting providers, different countries, and different server architectures to prevent fingerprinting and surely different TTPs to administrate them both?
- If they are hosted on different hosts, then how do you manage to link the databases securely?
Again and again in your postings and on your website you make statements about the disadvantages of doing business in the United States and yet the vast majority of your English is American dialect. This has me very concerned.
- How can your repeated use of Americanisms and American dialect English be explained despite your strong stance against business in the United States?
Despite it being the most important holiday of the year, our turnaround time on this request was a few hours.
Not everyone celebrates Christmas. I'd argue that it's more likely it's NOT the most popular holiday.
This service was built by a team of security professionals who recognize the need to keep your crypto coins anonymous and not attached to your name. ... I am one of the founding members so I am able to answer technical questions, respond to the support email and provide proof of funds if necessary.
Thankfully, you've stated that you're one of the founding members and you can answer technical questions. You stated also that Privcoin is created by security professionals, so it's with that hope that you'll be able to address my technical questions.
- Can you tell us a little bit about what sort of cryptographic solution you use to track every sincle coin and fraction of a coin that a user has originally owned so they will never receive it again?
- Can you tell us some statistics about what the maximum length of time a single coin, or fraction of a coin, has remained on the tumbler before finally being tumbled out?
- What about a coin that later returns to the tumbler, because another user has brought it back? Perhaps a bot who can register and manage hundreds of users and intentionally redeposits old funds to destroy the ability to successfully obfuscate funds, thus partially deanonymising your users funds.
- What would a database solution look like for tracking the entire life of a coin? This doesn't seem feasible.
- I'm assuming to increase security and privacy that your service is writing all the tumbling operations into the blockchain directly. How are you purging this metadata when you're producing these writes? Does this get included in the 24 hour logs?
This raises additional questions:
- Can you tell us anything about your reserves or volume of BTC, approximate or exact that you use for tumbling? Greater coin count means great obfuscation. Bitmixer.io historically had their coin count total freely listed.
- If you can't tell us, citing a security reason, can you tell us what the security issue would be? I've never consider how showing total volume is a concern.
Secondly, we don't permit as you say "big" transactions. Try setting up a Bitcoin mix, there are hard limits. We do not want to be a high volume Bitcoin mixer for reasons we don't disclose.
This is an alarming statement.
- Why would a mixer want to limit itself? The very principle of a mixer is that more is better.
- What is the reason you can't disclose the reason why not? This is unacceptable and very alarming.
In a screenshot posted on this thread, you showed a preview of the investor panel, which looks great, but raises a couple questions for me.
- In the investor amount, the total amount of profit coins is listed, yet you declare you don't retain logs, so how is this possible?
- The footnote below the graph only mildly explains this perplex display. Can you clarify please?
Is it possible, in future that you will do that example : I pay to your mixer bitcoin, but receive other anonymous coins like monero or Zcash ? whtat will be great pay in one crypto receive other crypto !
thx for answer
Yes we intend to add that feature. For now, check out something like
http://xmr.to- Can you discuss when this feature will be implimented? It's been over a year.
- And just on the next page, you recommend yet another mixer. Why do you continually recommend many different mixers?
Best of luck to Chainalysis tracking your coins if you use multiple addresses and different delays with our service. On more than one occasion we've detected tracking companies trying to inject their coins into our wallets and have taken appropriate counter measures to quarantine those coins. Sometimes we'll just donate their coins to the EFF.
We go the extra mile to protect your privacy.
Now this sounds absolutely fascinating! Would you mind open sourcing the tool you've led us to believe you've developed that has allowed you to anlayse injections to the degree you've caught their attack? This raises several questions:
- You state that you've detected 'tracking companies'. You're saying this is plural, as in more than one. How do you know there's more than one company attacking your mixer?
- How do you know it's not just one company trying different methods?
- Would you be willing to publish a list of their public addresses and any other relevant data?
- You say you've been purging logs, but it seems you're keeping at least some logs, such as in regards to these 'tracking companies'. Is this true?
It came to our attention that some people we hired to market PrivCoin are advertising in places we don't approve of. As of now we are ceasing our relationship with them.
Please tell us more about this incident and how you came to know about the incident.
Finally, will you be publishing some Bug Bounty programme with guidelines for reporting? If there is a vulnerability to report, but without financial motivation, it seems moot.
I asked many questions, some strange and seemingly unrelated, but all with a purpose. I hope you'll answer them all.[/list]
