Coin Join and obfuscating identity, balances, privacy. Is it advisable?

[Carlton Banks]

However, as more participants get involved, and payments are made from multiple inputs, it becomes much more difficult to determine who is paying whom.

Imagine instead that the inputs look like this:
(a) 0.15 BTC
(b) 0.15 BTC
(c) 0.15 BTC
(d) 0.15 BTC
(e) 0.15 BTC
(f) 0.15 BTC
(g) 0.15 BTC
(h) 0.15 BTC
(i) 0.15 BTC
(j) 0.15 BTC
(k) 0.15 BTC
(l) 0.15 BTC
(m) 0.15 BTC
(n) 0.15 BTC
(o) 0.15 BTC

(Total = 2.25 BTC)

And that the outputs look like this:

(P) 1.9999 BTC
(Q) 0.0099 BTC
(R) 0.1399 BTC
(S) 0.1 BTC
transaction fee = 0.0003 BTC

Now it becomes much more difficult to determine just how many people are paying, how many people are getting paid, how many "change outputs" there are, and who is paying whom.

great, but then all the outputs can easily be identified as a Coinjoin.


this is a better scheme (a more current method that defeats another form of analysis)


2 participants, A & B:


A: 0.40
A: 0.20 \               ----= 0.60
               \           /
                 -------
               /           \
B: 0.30 /               ----= 0.60
B: 0.30

(fees ignored to simplify, imagine they both paid 1000 satoshis and each received 0.59999 if it makes you happy )

Now, with only 2 outputs, analysis cannot make a reliable suppostion that this was a Coinjoin, it might have been, but it's not beyond doubt. 1 person making a transaction typically only uses a payment output and a change output. You can say "oh some people are more sophisticated than that, simply having 29 outputs that are 1 BTC each doesn't mean it's a Coinjoin". And that's completely irrelevant; if some chain analytics outfit deems it a Coinjoin, it is a Coinjoin, and it's then not difficult to convince someone unsophisticated (who might be playing some important role in relation to a particular transaction) that it's a Coinjoin either.

If you do a transaction like you suggest above (dozens of equal sized outputs), send it to some do-gooder merchant or an exchange, and they report you to the "Bitcoin Police" for being suspicious, what are you going to say then?

[1714572641]

1714572641

[1714572641]

1714572641

[1714572641]

1714572641

[1714572641]

1714572641

[DannyHamilton]

great, but then all the outputs can easily identified as a Coinjoin.


this is a better scheme (a more current method that defeats another form of analysis)

That's great, and I'm sure there are other improvements as well.  My point is that coin join doesn't simply swap coins between two participants (fully implicating one user in another user's crime) as franky1 attempted to imply.

Regardless of the methods I described, the method you've described, or some additional methods, the point remains that franky1's post was misleading and inaccurate.

[franky1]

i am truly laughing at danny
i mean come on danny do you really think that my use of
->
was a big long technical and detailed explaination
do you really think that the complexity of -> truly has the depths to sum up and explain it all
or....

to save waffling my point
as previous posts point out is innocent party B ends up with taint from dodgy person a
oh. and by the way mr hamilton. coinjoin is not some feature that is absolute in its utility

take this example. heck ill even use your more sophisticated alphabet use to describe it
yes ill use C because that seems to make a whole lot of difference
.. and then ill simplify it down to get to the point

a ->c1 -> B
d ->c1 -> E

b - c2 -> A
e - c2 -> D

which simplified still gets you

a-> B
b-> A
i simplified it because
B doesnt care about A or d or D or e or E.. all B cares about is a
A doesnt care about B or d or D or e or E.. all A cares about is b
and thats the point

the topic creator was not asking for a technical breakdown of the coinjoin mechanism he was asking more about advice of whether its safe, legal and morally ok to use coinjoin.. you know.. will he get a knock at the door for accepting funds from undesireables

topic creator used terms like "prove origins of their BTC to a court, tax authority or similar? "
"ramifications"
"privacy"
not
'gimme a technical detailed post about how coinjoin moves funds'

but have a nice day.
its been a laugh

keep up the centralist core dev kiss assing by the way +5

[franky1]

last point
examples of ramifications are:
arrested for money laundering
arrested for tax evasion
arrested for running an unlicenced money transmitter business
arrested for linkage to criminal funds
and many more

did you know that there are ACTUAL cases in the world where people end up spending more money on defending their innocence than what they would have lost if they were guilty. more than the assets seized themselves

a good example is BurtW
http://www.jmwagner.com/

in short all he done was buy and sell btc for his own personal spending/investing.. then he got a knock at the door

[Icygreen]

I've been thinking much more about using a coin join service since my OP and in my attempts to fight for privacy in general, it seems logical that my coins should not allow analytics at this time. One part I'm still confused about before I attempt this is whether or not my Trezor is linked to my coins, perhaps by my seed and ultimately known to Trezor company? What if they are acquired in the future? 
Is is advisable to use a different seed or entirely new Trezor after the mix finishes? One that would only ever receive coinjoins and never from an exchange or KYC source.
 

[buwaytress]

I've been thinking much more about using a coin join service since my OP and in my attempts to fight for privacy in general, it seems logical that my coins should not allow analytics at this time. One part I'm still confused about before I attempt this is whether or not my Trezor is linked to my coins, perhaps by my seed and ultimately known to Trezor company? What if they are acquired in the future? 
Is is advisable to use a different seed or entirely new Trezor after the mix finishes? One that would only ever receive coinjoins and never from an exchange or KYC source.
 

Trezor does not know your seed (it is generated when you set up your wallet for the first time), so they cannot ever have access to your wallet. The same way should be with any other client. Only you should ever be setting up your wallet and generating your own seeds. You should be the only one seeing it. So if you ever get pre-generated seeds with a new client or device or wallet, please don't use it, because of precisely the concerns you just had.

On whether or not you should use a new wallet -- I actually don't know myself, but I do generate a completely new wallet whenever I do a privacy-related consolidation of my bitcoin, that has no other connection to anything else but to receive my mixed bitcoin.

[Carlton Banks]

Trezor does not know your seed (it is generated when you set up your wallet for the first time), so they cannot ever have access to your wallet.

right, but if you use the mytrezor.com web wallet, I ***think*** the website can access the extended public keys (xpub) for each address chain for your seed. If that's correct, SatoshiLabs have access to all the information about all transactions for all addresses generated from your Trezor seed, despite not knowing the seed itself (this is assuming the way the mytrezor.com web-wallet operates, I may be wrong)


the ways to use a Trezor hardware wallet with address privacy in mind are:

• using the python-trezor cli tool from https://github.com/trezor/python-trezor
• using the HWI cli tool from https://github.com/bitcoin-core/HWI
• doing either of the above only ever using addresses from hardened derivation keypaths (which means any leak of xpubs doesn't leak any of your public keys)
• doing all the above using a reasonably secure OS (i.e. not window or macos)

I myself use python-trezor at the moment (with the help of some bash scripts that use both the trezorctl and bitcoin-cli command line utilities). Future incarnations of the HWI tool will be more integrated into the Bitcoin Core wallet, the 0.20.0 release in May includes a big step forward in that direction (a vast overhaul of the wallet code that allows the flexibility to, i.e. in this case let the Trezor act as the transaction signer for a watch-only wallet kept on the computer running Bitcoin Core). In the end, IIUC the goal with HWI is to make a GUI interface that's accessible from within the Bitcoin Core Qt GUI, maybe some of that will be included in 0.20.0 with any luck (ping @achow101 who's part of the work on HWI)

[Icygreen]

Trezor does not know your seed (it is generated when you set up your wallet for the first time), so they cannot ever have access to your wallet.

right, but if you use the mytrezor.com web wallet, I ***think*** the website can access the extended public keys (xpub) for each address chain for your seed. If that's correct, SatoshiLabs have access to all the information about all transactions for all addresses generated from your Trezor seed, despite not knowing the seed itself (this is assuming the way the mytrezor.com web-wallet operates, I may be wrong)


the ways to use a Trezor hardware wallet with address privacy in mind are:

• using the python-trezor cli tool from https://github.com/trezor/python-trezor
• using the HWI cli tool from https://github.com/bitcoin-core/HWI
• doing either of the above only ever using addresses from hardened derivation keypaths (which means any leak of xpubs doesn't leak any of your public keys)
• doing all the above using a reasonably secure OS (i.e. not window or macos)

I myself use python-trezor at the moment (with the help of some bash scripts that use both the trezorctl and bitcoin-cli command line utilities). Future incarnations of the HWI tool will be more integrated into the Bitcoin Core wallet, the 0.20.0 release in May includes a big step forward in that direction (a vast overhaul of the wallet code that allows the flexibility to, i.e. in this case let the Trezor act as the transaction signer for a watch-only wallet kept on the computer running Bitcoin Core). In the end, IIUC the goal with HWI is to make a GUI interface that's accessible from within the Bitcoin Core Qt GUI, maybe some of that will be included in 0.20.0 with any luck (ping @achow101 who's part of the work on HWI)

Sadly, I use windows and have a plug and play education 
Thanks for reminding me where this rabbit hole starts. In this case I'll likely be waiting for dev tools in windows or other HW solutions focused on privacy. For now I'd just like to break analytics and the connection to identity. Can Trezor conceivably know my identity from my use of mytrezor.com or my use of the bridge to wallet.trezor.io?