Bitcoin Forum
February 20, 2020, 10:06:06 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Why I am temporarily wearing an unpaid, unsolicited Chipmixer signature ad  (Read 819 times)
nullius
Copper Member
Full Member
***
Offline Offline

Activity: 238
Merit: 1318


There is only one Bitcoin.


View Profile WWW
January 02, 2020, 03:43:42 AM
Merited by squatz1 (10), Foxpup (6), DarkStar_ (5), malevolent (4), marlboroza (2), hugeblack (2), nc50lc (2), o_e_l_e_o (2), Heisenberg_Hunter (2), 1miau (2), stompix (1), buwaytress (1), mk4 (1), NotATether (1)
 #1

Life experience shows true the age-old principle that people who add gratuitous moralizing to their names are usually covering for their own defects.  For example, if you see a user who calls himself “Honest Trader”, then you may presume that he is a scammer:  Methinks he doth protest too much.

For another example, the self-styled “No HATE” drips acid hate for privacy beneath a transparent veil of mealy-mouthed, nicey-nice “sorry” and “no offense” and other sickeningly saccharine platitudes:

IMO, Mixers are the most evil in crypto because they use for money laundering and those who wear a signature supported that shady activity of them.
Why wear chipmixer? Because they paid you a decent rate, up to BTC0.0375 a week is big enough, big enough for the members to sell their souls and criticize others, sorry if I make that as an example because I notice that most of the critics are from that campaign, sorry again if I'm wrong.

No offense, this is only my opinion and I always like to see fairness in the forum, besides those investors are not kids, they know the risk when investing.

STOP THE HATE, LOVE ONE ANOTHER BECAUSE IT'S CHRISTMAS.

Boldface and red colouring are in the original.  This is stated in response to negative trust-tagging of users wearing a Yobit advertisement that makes impossible financial promises, i.e., a scam.  Of course, “No HATE” does not pause to consider the possibility that the persons who wear Chipmixer ads tend to be honest, and are thus motivated by a desire to alert others to scams.

Now, observe “No HATE’s” premise:  If you want to unlink your financial transactions on an immutable global public ledger, then you must be doing “shady activity”, your privacy tools are “evil”, and people who promote those tools thereby “sell their souls” to the devil of so-called “money laundering”.

(The whole concept of so-called “money laundering” is perverse in principle, twisted in practice, and misunderstood by most people who bandy the phrase about; but that is another matter.)

Having seen one sick tree, step back and observe the forest.  Such attitudes and beliefs are increasingly common nowadays; and by no coincidence, they are becoming more common as governments worldwide work overtime to destroy financial privacy.  Chainsaw needed:  If nobody stands up against this trend, then the trend will continue until all financial privacy is destroyed.



For my part, I cannot tolerate the above-quoted smear of Chipmixer and its signature advertisers—much less the widespread promotion of the underlying hatred of privacy.  Thus in protest, despite the misgivings stated below, I will now spend an as-yet undetermined time carrying an unpaid, unsolicited advertisement for Chipmixer.

I have not spoken to anyone at the Chipmixer campaign before doing this; my actions hereby are completely unilateral—and indeed, I don’t even qualify for the Chipmixer campaign.  My ad is admittedly not as slick as the official one; I may try to improve its aesthetics a bit.

This is an act of solidarity.  In the past, I have spoken to well-known Chipmixer signature advertisers who told me, in essence, the following list of their reasons for wearing Chipmixer:

  • It’s good money.  By such means, they can afford to spend endless hours making this forum a better place, as opposed to spending those hours on some other job.  (There is nothing wrong with the pay rate being a criterion, as long as it’s not the only criterion, and not decisive in itself.  Also, observe that this motivation is the inverse of the sig-spammer:  They want to get paid so that they can spend more time on the forum; they’re not coming to the forum so that they can get paid.)
  • Advertising Chipmixer, a reputable privacy service, is more ethical than advertising the scams pitched by many other campaigns, which they found grossly unacceptable.  In particular, they recoiled in horror at the idea of pumping ICOs (which were all the rage when I had these private discussions).  I infer that they would have flatly refused to advertise Yobit “earn 10% daily, 100% safe” scams at any price.  This directly contradicts “No HATE’s” accusation that they “sell their souls”.
  • A related weaker form of the preceding item:  The Chipmixer campaign is one of the most selective campaigns on the forum.  It is quite difficult to get in; you can’t just be some idiot who spams illiterate, nonsensical shitposts as a desperate money-grab.  Chipmixer sig spam posts are thus practically nonexistent, despite their high posting requirements:  They offer relatively large payments, but they only offer those payments to people who have a long-demonstrated record of prolific, high-quality forum activity.  They get what they pay for—and thus, on the other side of the coin, they offer the person accepting the ad a way to sell your signature without looking spammy.  For elite users with sterling reputations, this is a major concern.

I think that’s fine.  But for my part, I must consider these factors of my own:

  • I generally dislike signature ads.  I may take one someday; but I would prefer to avoid it.  I do recognize that signature ads make it possible for many of the forum’s best regulars to spend fantastic amounts of time and effort here; and really, I could use the money, too.  Well, thus far, I just have not been able to get past my personal feelings on the matter.
  • Although I have nothing against productive, profitable businesses—to the contrary!—it is childishly foolish to behave altruistically toward a business so wealthy and successful that it evidently has a stratospheric advertising budget.  If I am to advertise their services, thus increasing their wealth, then it is only fair that I should get paid.  Well—I will make my point, then change my signature to something else.
  • By design, Chipmixer is a privacy service that you must trust with your privacy.  I strongly dislike that, and cannot endorse it.  On this point, the best that I can say for Chipmixer is that my dislike applies more or less equally to all mixer sites (excluding trustless services such as JoinMarket, which are not “mixers” in the usual sense); and I probably dislike them the least.  I do commend some of Chipmixer’s efforts to improve privacy on the forum; whether that indicates anything useful for trusting the privacy of Chipmixer’s mixing service is a difficult question, and one for which I have no immediate answer.
  • Chipmixer does not implement Segwit.  As an external observer, I infer that it must be because they started when Segwit activation was still tied up in politics; and their innovative design requires them to keep what must be a terrifically large inventory of pre-made “chips” (i.e., UTXOs of various sizes) to distribute.  For privacy reasons, slowly rolling over the inventory of chips may be out of the question:  That would partition the unlinkability set between those who received non-Segwit chips, and those who received Segwit chips.  But rolling over the inventory instantaneously may be financially prohibitive; and that would not avoid a partition, although it would minimize the partition’s effects.  At least, this is my hypothesis based on blackbox observation of how the service works.  I have not spoken to anybody who may actually know.

If you want to use a trusted mixer, Chipmixer is probably the best option.  They are innovative.  By all accounts, they are very reliable.  I myself have sometimes used their services (with coins already anonymized by other means that do not require trust), and I generally avoid trusted mixer sites like plague.



Compare the situation with Tor versus VPN.  Tor is designed to minimize trust generally, and to eliminate the need to trust any node in particular.  If a circuit passes through a node that logs all data, the node still can’t see both endpoints.  With a VPN, you need to trust that the VPN provider is not logging all your Internet activity—as many of them do, all promises to the contrary notwithstanding.

If you want to just send coins to a mixer site, cross your fingers, and hope that it’s not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer.  Chipmixer is convenient, and it unlinks your transactions on the public blockchain.  Javascript is not required.

If you want trustless privacy, that is a complicated subject beyond the scope of this topic.  The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases:  Blockchain spies can’t trace transactions that never touch the blockchain!

1582236366
Hero Member
*
Offline Offline

Posts: 1582236366

View Profile Personal Message (Offline)

Ignore
1582236366
Reply with quote  #2

1582236366
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1582236366
Hero Member
*
Offline Offline

Posts: 1582236366

View Profile Personal Message (Offline)

Ignore
1582236366
Reply with quote  #2

1582236366
Report to moderator
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 840
Merit: 3639


Decent


View Profile
January 02, 2020, 08:47:38 AM
Merited by Foxpup (4), malevolent (3), nullius (2), buwaytress (1), mk4 (1), hugeblack (1)
 #2

Such attitudes and beliefs are increasingly common nowadays
This is the most concerning part of this drama. People (generally speaking) have always been lackadaisical when it comes to their privacy. The utterly stupid "I've got nothing to hide" argument is widely believed. People seem happy to hand over their KYC to total strangers, to let their ISP keep a complete record of everything they do online, to let Google track their physical movements in real time, to let Facebook read all their correspondence, and to let all these companies sell said data to any number of third parties or hand it over to the relevant governments. Hell, people even use devices which measure their heart rate and sleep schedules. These companies know more about you than you do. They justify all this by telling themselves "Well, I'm not doing anything wrong".

I don't need to spend a lot of time dismantling the "nothing to hide" argument, because it is already widely discredited. I will share one of my favorite quotes on the topic though:
Quote from: Glenn Greenwald
The old cliché is often mocked though basically true: there’s no reason to worry about surveillance if you have nothing to hide. That mindset creates the incentive to be as compliant and inconspicuous as possible: those who think that way decide it’s in their best interests to provide authorities with as little reason as possible to care about them. That’s accomplished by never stepping out of line. Those willing to live their lives that way will be indifferent to the loss of privacy because they feel that they lose nothing from it. Above all else, that’s what a Surveillance State does: it breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched.

Now, if users like "No HATE" are so keen and happy to give up their privacy (although one must laugh at a person using an obvious alt-account to decry privacy), then that's their prerogative. I frequently advise against it and discuss how to avoid it, but ultimately, if you want to compromise your own privacy, then there's really nothing I (or anybody else) can do to stop you. However, you don't get to compromise my privacy. To call privacy enhancing tools (such as bitcoin mixers) evil because a minority may use them for nefarious purposes (just as a minority use Tor, the internet, cash, for nefarious purposes) makes you no better than the agencies and companies using the "nothing to hide" justification to spy on the public. If you live a life so meek and unexceptional that you are quite happy opening it up to scrutiny by anyone who is interested, so be it, but you have no right to force that nonsense on others.

It is doubly concerning to see these kinds of attitudes becoming more commonplace on a forum which is supposed to be united in our combined desire not to trust third parties.

AdolfinWolf
Legendary
*
Offline Offline

Activity: 1316
Merit: 1194


people run from rain but sit in bathtubs of water


View Profile
January 02, 2020, 02:28:46 PM
Last edit: January 02, 2020, 02:54:22 PM by AdolfinWolf
Merited by nullius (2), hugeblack (1)
 #3

I very much agree with most points you're making. I'd however like to place a footnote here;


If you want to just send coins to a mixer site, cross your fingers, and hope that it’s not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer.  Chipmixer is convenient, and it unlinks your transactions on the public blockchain.  Javascript is not required.

If you want trustless privacy, that is a complicated subject beyond the scope of this topic.  The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases:  Blockchain spies can’t trace transactions that never touch the blockchain!

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-). While I might believe that Chipmixer is acting in good faith- it'd be weird for me to tell others they actually are, without any immutable proof.

Therefore, if one is using Chipmixer for anything other than unlinking their inputs for the commonalty and some improved privacy, i'd highly suggest he thinks twice about such a scenario.


squatz1
Legendary
*
Offline Offline

Activity: 1288
Merit: 1078


Flying Hellfish is a Commie


View Profile
January 02, 2020, 03:56:40 PM
Merited by nullius (3)
 #4

I very much agree with most points you're making. I'd however like to place a footnote here;


If you want to just send coins to a mixer site, cross your fingers, and hope that it’s not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer.  Chipmixer is convenient, and it unlinks your transactions on the public blockchain.  Javascript is not required.

If you want trustless privacy, that is a complicated subject beyond the scope of this topic.  The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases:  Blockchain spies can’t trace transactions that never touch the blockchain!

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-). While I might believe that Chipmixer is acting in good faith- it'd be weird for me to tell others they actually are, without any immutable proof.

Therefore, if one is using Chipmixer for anything other than unlinking their inputs for the commonalty and some improved privacy, i'd highly suggest he thinks twice about such a scenario.



This is the biggest thing here, there's really no way to confirm this and even people that promote ChipMixer for money will say so. I wouldn't be surprised if the people at ChipMixer came out and said that too -- because it's true. We all put our blind trust and faith into ChipMixer without really knowing how much of it works, and how it's going to be helping us.

The real best way of mixing right now is using a privacy coin like Monero.

For the nothing to hide argument and all of that stuff, I point to Glenn Greenwald in one of his Ted Talks. Pretty much sums up my view, and can convince a good deal of people.

Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
  WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
stompix
Legendary
*
Offline Offline

Activity: 1344
Merit: 1402



View Profile
January 02, 2020, 11:38:16 PM
Merited by nullius (1)
 #5

~snip
Now, observe “No HATE’s” premise: 
~snip

Hmm, premise you say

Campaign such us yobit, sportsbet, and bitcasino which have active scam accusations are free to advertise their campaign because DTs are not tagging participants.

Don't tag members of yobit campaign, just skip that x10, it's been there a long time already, and the last time yobit run a campaign, participants were not tag and live coin participants were not tag as well because that's the right thing to do. 

This kind of premise will always change to match your alt's signature Tongue.
Great post but unfortunately those that need to read it won't do it as their attacks on chipmixer where not because they don't believe in the service or they were against mixing services in general, it was pure and simple whataboutism driven by financial reasons.

Not going to spend too much time on discussing chipmixer since my opinion might and it's probably biased but I doubt the honeypot scenario, you don't run a honeypot for two years, on Hansa they run the site for just a month and the amounts involved are on totally different levels.
But, who knows...



JollyGood
Hero Member
*****
Online Online

Activity: 994
Merit: 745


Promote your business here


View Profile
January 03, 2020, 01:13:34 AM
 #6

I very much agree with most points you're making. I'd however like to place a footnote here;


If you want to just send coins to a mixer site, cross your fingers, and hope that it’s not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer.  Chipmixer is convenient, and it unlinks your transactions on the public blockchain.  Javascript is not required.

If you want trustless privacy, that is a complicated subject beyond the scope of this topic.  The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases:  Blockchain spies can’t trace transactions that never touch the blockchain!

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-). While I might believe that Chipmixer is acting in good faith- it'd be weird for me to tell others they actually are, without any immutable proof.

Therefore, if one is using Chipmixer for anything other than unlinking their inputs for the commonalty and some improved privacy, i'd highly suggest he thinks twice about such a scenario.

Well the OP mentioned a Tor versus VPN analogy so going by that scenario you can look at NordVPN for example. They employed third party independent external auditors to check their no logs policy and they passed it with flying colours after a thorough check. Others VPNs such as PureVPN have also stated a no logs policy but do indeed log for whatever time the connection is valid, others have their own structure but do log various things even though they sell their service as a no logs policy. As mentioned NordVPN did pass with flying colours as it did what it said on the tin.

Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?

AdolfinWolf
Legendary
*
Offline Offline

Activity: 1316
Merit: 1194


people run from rain but sit in bathtubs of water


View Profile
January 03, 2020, 12:02:49 PM
Last edit: January 03, 2020, 12:28:36 PM by AdolfinWolf
Merited by nullius (4), figmentofmyass (1), hugeblack (1)
 #7

Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?
Well, sure, but i think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

But also, for logging transactions, with mixers being in the current form they are; they wouldn't even need to change any code/have any "malicious code". there would be a multitude of ways to log transactions, and still pass an "audit" at the same time.
Thus, it all comes down to pure trust.

JollyGood
Hero Member
*****
Online Online

Activity: 994
Merit: 745


Promote your business here


View Profile
January 03, 2020, 09:35:36 PM
 #8

Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?
Well, sure, but i think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

But also, for logging transactions, with mixers being in the current form they are; they wouldn't even need to change any code/have any "malicious code". there would be a multitude of ways to log transactions, and still pass an "audit" at the same time.
Thus, it all comes down to pure trust.

That issue of pure trust you refer to (as in just trusting a project or a person) based on available evidence and gut-feeling, it varies from person to person. Maybe there will never be a universal position on this as it stands but if the day comes where there was ever a major breach or major scam which resulted in losses for either the mixer or the end user then it might be the catalyst to kick start an overhaul of how mixers work.

nullius
Copper Member
Full Member
***
Offline Offline

Activity: 238
Merit: 1318


There is only one Bitcoin.


View Profile WWW
January 04, 2020, 04:19:20 AM
Merited by Foxpup (4), AdolfinWolf (1), hugeblack (1)
 #9

Such attitudes and beliefs are increasingly common nowadays
This is the most concerning part of this drama. People (generally speaking) have always been lackadaisical when it comes to their privacy.

[...]

It is doubly concerning to see these kinds of attitudes becoming more commonplace on a forum which is supposed to be united in our combined desire not to trust third parties.

Only two years ago, it seemed to me that most of the “we need KYC because of money laundering” propaganda was being parroted by the types who pad their activity counts with mindless drivel in megathreads.  Now, it seems to be all over the forum—and elsewhere in places where one may expect an understanding of privacy issues.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a a technical discussion on tor.stackexchange was cut short with extreme rudeness (archived):


I was shocked to see that from someone who evidently has deep technical knowledge about onions.  Turning the sarcasm up past (9/)11, I must remark, it seems the attitude is:  “Here, I thought you must be building some nice kidporn site or drug market.  Now that I know you are building a Bitcoin ‘mixer’, you are beneath contempt!”  Does an apparent expert in Tor onions not realize that all tools can be abused, but good people need them for good purposes?

I certainly do not want to reflect badly on Tor here, based on the rude and thoughtless comment by some arbitrary Stack Exchange user.  The Tor Project itself is proud that “Tor secures cryptocurrency networks!”  And the Tor Blog recently published as a guest opinion the single best short essay on financial privacy that I have recently read.  Print that one out, and hang it on your wall!  As I stated in OP here, I had long ago reached its same conclusion that Lightning Network is the future of financial privacy:

Quote from: Alex Gladstein (2019-12-18)
The caveat is that this [Bitcoin privacy] is essentially an expert-level task at the moment.  Strategies like running a full Bitcoin node over Tor, using cutting-edge mixers, and avoiding centralized exchanges that enforce KYC “Know Your Customer” regulations are out of reach for the average Bitcoin user.  But the blueprint exists for making daily payments for the average person private using Bitcoin as a foundational technology.

One way to do this may be through the Lightning Network...  Lightning could very well be the scaling solution for Bitcoin, with the extra benefit that it can transform Bitcoin’s pseudonymous payment structure into something that’s virtually anonymous.  Lightning is nascent today, and needs a lot of work.  But the building blocks are there for you to be able to, within a year or two, use it to make the equivalent of cash transactions in the digital world....

Using digital cash is one way to take back the internet and protect what privacy we have.  The Tor and Bitcoin communities can make for powerful allies in this effort.


Well, sure, but i think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

Thanks for making this post much shorter!  I can only add that if I were Chipmixer, I would not get such an audit.  I would not want to risk granting the auditor (perforce an outsider) high-level access to my systems for no useful purpose; and I would not want to give my customers a false sense of security by “proving” the impossible.  I respect Chipmixer more because they don’t seem to be the types to claim that they can prove such a thing.



Boldface added on some particularly important points that I fully agree with:

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-).

This is the biggest thing here, there's really no way to confirm this and even people that promote ChipMixer for money will say so. I wouldn't be surprised if the people at ChipMixer came out and said that too -- because it's true. We all put our blind trust and faith into ChipMixer without really knowing how much of it works, and how it's going to be helping us.

I should reiterate a theme of my OP:  I am walking a fine line in so far as I don’t want to FUD Chipmixer, but I need to examine this issue honestly.

It is a service that I want to like.  It is the only centralized, trusted mixer that I want to like.  Their signature ads specifically speak to privacy.  Their FAQ quotes Dr. Adam Back to answer the question, “Fungibility?  Why would I care?”  Oh yes, I want to like them!

They may well be real privacy advocates running an excellent, trustworthy service.  If so, they are also providing an ancillary benefit to society:  Their ads promote the idea of privacy at a time when society is moving in the opposite direction.  This is why I was outraged to see them and their advertisers smeared as “evil”.

I hope that’s what they are...

Not going to spend too much time on discussing chipmixer since my opinion might and it's probably biased but I doubt the honeypot scenario, you don't run a honeypot for two years, on Hansa they run the site for just a month and the amounts involved are on totally different levels.
But, who knows...

If Crypto AG could sell NSA-backdoored security products for governments and militaries for five decades, then I would not make such inferences.  Though of course that was the NSA, not a garden-variety police sting; and if Chipmixer is a honeypot, they certainly provide one of the best, most competently-run honeypots on the Internet today!

I further observe that Chipmixer’s overt attitude is not of the kind used to attract the criminal element; there is a sort of “darknet” cant seen on some sites, thinly-veiled hints that we will help you get away with it, which is completely absent from Chipmixer.  They “smell” clean.  They speak the language that speaks to you and me; and they pour what must be a fantastic advertising budget into the Bitcoin Forum, which is a good place to attract non-criminals.

This suggests that if they are a honeypot, they are probably an intel operation targeting smart people, not a police sting targeting the kinds of people for whom “opsec” means getting a post office box for receiving bulk quantities of felonious contraband from anonymous persons you met on the darknets.*

Or else, they are hardcore privacy advocates who know that most people will use a centralized mixer, so they should provide a good one.  I said, I want to like them...

(* Not that all Internet drug dealers are so stupid, but many of them are!  The example hereby given is based on a real-life case that I read about a few years ago:  Somebody decided to get rich dealing drugs on DNM, and therefore bought drugs wholesale by the kilo from DNM.  Shipped to his post office box—where he picked them up personally—thus where the police picked him up in a controlled delivery.  This leads me to wonder, why do we need mass surveillance?  The cops have their hands full with dopes who are practically begging to be caught.)


...if the day comes where there was ever a major breach or major scam which resulted in losses for either the mixer or the end user then it might be the catalyst to...

To be clear, there are two separate trust issues:  Trusting the mixer to not steal your coins, and trusting the mixer to not violate your privacy while pretending to protect it.  I have been discussing only the latter.  The former is an important issue; but if it were the only issue, I would be comfortable saying that I trust Chipmixer based on their established reputation.

Note that there have been major scams with mixers, including selective scamming and exit scams.  That never deterred the use of mixers generally; and it did not:

kick start an overhaul of how mixers work.

That effort started long ago, with practical implementations you can use today—plus too much related research to sum up in a few handy links.  Bitcoin privacy is a big topic.  And in the future, as I said, I think that this whole discussion will be made obsolete.

What a mixer site most provides is convenience and accessibility.  You send them coins; you get back other coins; and you hope that they did not retain any data connecting these coins to those coins.  It is simple for the user, though a well-run mixing site will have much complexity behind the scenes.  Chipmixer does a good job of that:  The site is a pleasure to use, and easy enough for anybody.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 840
Merit: 3639


Decent


View Profile
January 04, 2020, 11:07:27 AM
Merited by DarkStar_ (5), malevolent (2), hugeblack (1)
 #10

As mentioned NordVPN did pass with flying colours as it did what it said on the tin.
As alluded to above, this doesn't really prove anything about your VPN. You still have to trust the auditor, and you have to trust that the VPN hasn't changed anything since the audit. Even in cases where a VPN provider has been subpoenaed (or another jurisdiction's equivalent) and has been found to have no logs, it only proves that they didn't keen logs then. A case which was discussed on the forum a few weeks ago is that of Private Internet Access. PIA have previously been taken to court (twice, if memory serves) and had no logs they could provide. Many users might see that a ringing endorsement of their service. However, PIA have since been bought over by a parent company (Kape) which are infamous for infecting their own customers with malware, and own another VPN with a very loose policy on sharing your personal data. Much like with bitcoin, past performance is no guarantee of future results.

And the Tor Blog recently published as a guest opinion the single best short essay on financial privacy that I have recently read.
A nice read. Thanks for flagging it up.

This leads me to wonder, why do we need mass surveillance?  The cops have their hands full with dopes who are practically begging to be caught.
Mass surveillance isn't about catching criminals; it's about controlling the population. People who know they are being watched are meek and unassuming, dutiful and obedient. That and the ability to sell your data and use them to win elections.
Quote from: Glenn Greenwald
And history shows that the mere existence of a mass surveillance apparatus, regardless of how it is used, is in itself sufficient to stifle dissent. A citizenry that is aware of always being watched quickly becomes a compliant and fearful one.

JollyGood
Hero Member
*****
Online Online

Activity: 994
Merit: 745


Promote your business here


View Profile
January 04, 2020, 02:55:06 PM
 #11

As mentioned NordVPN did pass with flying colours as it did what it said on the tin.
As alluded to above, this doesn't really prove anything about your VPN. You still have to trust the auditor, and you have to trust that the VPN hasn't changed anything since the audit. Even in cases where a VPN provider has been subpoenaed (or another jurisdiction's equivalent) and has been found to have no logs, it only proves that they didn't keen logs then. A case which was discussed on the forum a few weeks ago is that of Private Internet Access. PIA have previously been taken to court (twice, if memory serves) and had no logs they could provide. Many users might see that a ringing endorsement of their service. However, PIA have since been bought over by a parent company (Kape) which are infamous for infecting their own customers with malware, and own another VPN with a very loose policy on sharing your personal data. Much like with bitcoin, past performance is no guarantee of future results.
Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back, they were just examples since the OP gave an example and analogy of VPNs   Cheesy

As for what you say about audits and auditors along with a no logs/record policy - yes it is true it does not prove anything because of the possibilities of altering the situation after the event. That same sentiment was also echoed excellently above by AdolfinWolf too and both of you are correct to highlight that auditing though might have some benefits it ultimately cannot be the seal of approval.

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?

(And a belated congratulations on becoming a Legendary member on the same day I made Hero rank)

johhnyUA
Legendary
*
Offline Offline

Activity: 1470
Merit: 1235


Crypto for the Crypto Throne!


View Profile
January 06, 2020, 03:38:42 PM
 #12

Compare the situation with Tor versus VPN.  Tor is designed to minimize trust generally, and to eliminate the need to trust any node in particular.  If a circuit passes through a node that logs all data, the node still can’t see both endpoints.  With a VPN, you need to trust that the VPN provider is not logging all your Internet activity—as many of them do, all promises to the contrary notwithstanding.

There is no ideal solution. As i know, the better way is to combine VPN + Tor. For example, your internet provider can see you using Tor. But not for what you are using it. With VPN over Tor noone will know that you (in meaning your IP) using Tor, while VPN provider don't know for what you're using it. Win-win strategy

Also, for example, even launching bitcoin node through Tor isn't a good idea - https://www.computer.org/csdl/proceedings-article/sp/2015/6949a122/17D45X2fUEK (maybe something changed from 2015 but i doubt)

Bitcoin maximalist
Reinforce your privacy! List of bitcoin mixers. Use wassabi wallet or samurai wallet. And don't forget about PGP!
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 840
Merit: 3639


Decent


View Profile
January 06, 2020, 04:06:21 PM
Merited by Foxpup (3), LoyceV (2), ETFbitcoin (1)
 #13

Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back
Just for the record, neither do I. Tongue

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?
I don't think I could confidently answer that, and I'm sure if there was a simple solution someone much smarter than me would have already implemented it. I often see blinded bearer certificates mentioned, and theymos wrote a good summary on them on reddit a few years ago (https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/). However, there seems to have been very little, if any, development on developing them with bitcoin since then. As nullius mentioned above, I suspect the ultimate answer will lie in Lightning Network, perhaps using rendez-vous routing so the sender and recipient can hide their details from each other.



As i know, the better way is to combine VPN + Tor.
Not necessarily.

With VPN over Tor noone will know that you (in meaning your IP) using Tor, while VPN provider don't know for what you're using it.
Careful with your wording here. "VPN over Tor" means connecting to Tor first, and then connecting to your VPN second, therefore accessing your VPN "over" the Tor network. This is worse than just using Tor on its own. It negates the entire point of using Tor since all your traffic will be re-routed through your VPN server, meaning your VPN provider can still see all your traffic (and link it to your real identity if you have given them any personal details when singing up or paid in fiat or non-anonymized bitcoin).

I suspect what you mean is "Tor over VPN", which is connecting to your VPN server first and then through the Tor network. While you are right in saying this will hide the fact you are using Tor from your ISP, it isn't necessary since you can achieve this using a Tor bridge with or without a pluggable transport. Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.

johhnyUA
Legendary
*
Offline Offline

Activity: 1470
Merit: 1235


Crypto for the Crypto Throne!


View Profile
January 06, 2020, 05:14:35 PM
 #14

I suspect what you mean is "Tor over VPN"


Yep. While i'm not native english speaker, i make simplification sometimes and therefore misunderstanding occur  Smiley

Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.

VPN it's very hard topic to talk. For example, "quality" of the VPN as a service highly depends from country where you located and VPN company located. Example: I'm in Ukraine, and Ukraine don't have any diplomatic agency with Taiwan, so i can easily use Taiwanese VPN, because ukrainian police or intelligence agency can't force these VPN's to share information about me. I think you understand why so, countries and their services (like police) interact with each other through embassies or consulates. The only way is to use Interpol or some other such services.

On the other hand, it's not a good idea to use taiwanese vpn if you're from USA, because Taiwan is highly dependent of the USA.

Also, about Tor: you can check my link above and see, that it's enough easy to make Sybil attack, which makes Tor "from the box" (without needed maintance) much more dangerous than any VPN.

Bitcoin maximalist
Reinforce your privacy! List of bitcoin mixers. Use wassabi wallet or samurai wallet. And don't forget about PGP!
JollyGood
Hero Member
*****
Online Online

Activity: 994
Merit: 745


Promote your business here


View Profile
January 06, 2020, 06:05:15 PM
 #15

Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back
Just for the record, neither do I. Tongue

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?
I don't think I could confidently answer that, and I'm sure if there was a simple solution someone much smarter than me would have already implemented it. I often see blinded bearer certificates mentioned, and theymos wrote a good summary on them on reddit a few years ago (https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/). However, there seems to have been very little, if any, development on developing them with bitcoin since then. As nullius mentioned above, I suspect the ultimate answer will lie in Lightning Network, perhaps using rendez-vous routing so the sender and recipient can hide their details from each other.



As i know, the better way is to combine VPN + Tor.
Not necessarily.

With VPN over Tor noone will know that you (in meaning your IP) using Tor, while VPN provider don't know for what you're using it.
Careful with your wording here. "VPN over Tor" means connecting to Tor first, and then connecting to your VPN second, therefore accessing your VPN "over" the Tor network. This is worse than just using Tor on its own. It negates the entire point of using Tor since all your traffic will be re-routed through your VPN server, meaning your VPN provider can still see all your traffic (and link it to your real identity if you have given them any personal details when singing up or paid in fiat or non-anonymized bitcoin).

I suspect what you mean is "Tor over VPN", which is connecting to your VPN server first and then through the Tor network. While you are right in saying this will hide the fact you are using Tor from your ISP, it isn't necessary since you can achieve this using a Tor bridge with or without a pluggable transport. Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.

I agree... going by the VPN + TOR example, that is no way to guarantee user anonymity if that is what is expected by using those two in that order.

About using rendez-vous routing and Lightening Network - I had never heard about this before. I will search online to get some sort of idea about the process theoretically should work just so I can get an understanding. Thank you for mentioning it in your post.


nullius
Copper Member
Full Member
***
Offline Offline

Activity: 238
Merit: 1318


There is only one Bitcoin.


View Profile WWW
January 06, 2020, 06:29:19 PM
Merited by ChipMixer (5), Welsh (4), LoyceV (4), Foxpup (3), fillippone (3), hugeblack (2)
 #16

blinded bearer certificates

If Chipmixer were interested in running such a service, I would be interested in implementing the code to turn Chipmixer into a Chaumian bank.  Trustless for privacy, though you must trust them to not steal your money (just as now).  I would use a protocol designed by cryptographers, not my own concoction; blinded signature schemes are hard to get right (plus there is some existing open-source code I may adapt).

I am not saying this off-the-cuff.  I have been toying with this for a few years; and it’s all meticulously planned, at least on paper.  (It may take me significant time to actually do all the necessary code).  I would ask for nothing upfront, but a percentage share of revenue from the blinded service; fair is fair, it’s a business, and it would be nice to actually make money improving privacy after the opportunity cost I paid by avoiding the global public ledger for years.  Risk to them is zero:  If I deliver nothing, or if they think my protocol is insecure, or if I write shitty code, then I get nothing.  Bonus:  I could be paid in blinded chips!

(I also picked a name, and worked out some excellent branding for a new, trustless mixer service.  I would be sad not to use it; but they already have an established, respected brand.  Well, maybe they would want it adapted to a new ad campaign...)

The reason why I never did it to run my own service is that I do not think I have the resources for that.  It is a high-threat business.  It also requires significant capital up-front, especially if you want an inventory of aged UTXOs to hand out.  Chipmixer has a demonstrated record.  They’ve been attacked, DDoSed, no doubt thoroughly scrutinized by those who hate privacy—they’re still there.  They can do it—and then, there would be no ongoing incentive for anybody to track me down and get rid of me.  If I were to drop dead, it would not take down the service; I like it that way.  (If they were to disappear, I could help somebody else duplicate the service; so it’s good for them, too.)

The blinded service would require code running on the client.  It is unavoidable:  The client needs to generate blinded tokens, unblind them, etc.  This in turn invokes other practical problems that I’ve spent a long time wrestling with.  I think it would work out best if they continued running the simple, easy, trusted no-Javascript service, but added the blinded service as another option.  I would design it so that clients (including robots) could use the blinded service through a JSON API, so people could even write their own clients for my protocol; but you know, 99% of people would just use the blob of code that automagically runs in the browser.

As an ancillary benefit, I think that the willingness to run a trustless service would strongly signal “not a honeypot”.  Of course, it would not prove it.  But it is quite doubtful that a honeypot operator would ever offer a blinded alternative!

I would strongly urge them to roll over their UTXO inventory to native Segwit (bech32), and use the same inventory for both services so they have a single, unpartitioned anonymity set (for any adversary except Chipmixer itself).  The next version would integrate Lightning.

FYI, by the way, segvan started as a trivial whimsy project to efficiently bulk-generate bech32 addresses with random private keys.  It still has that feature; it grew the vanity search code later.  The motive was my frustration with Chipmixer not doing Segwit—it made me feel better to bat out some code making bech32 “chips” at a speed limited by my /dev/random.  I watched the bech32 “chips” scroll up the screen in a blur, and wished that Chipmixer would do Segwit.  I’ve had my eye on Chipmixer for a long time.  I have always wanted to like them.

My PGP key is linked in my signature, in case Chipmixer is interested in taking “mixing reinvented for your privacy” to a new level!


(And no, I did not plan this when I started this thread.  A blinded mixer has been my secret dream for the past few years.  The above screenshot of a Stackexchange discussion is something I found while doing research for this—at which point, I had already been on-and-off planning it for a very long time.  I’ve spent endless hours working on the design details.  I did not intend to broach it publicly; to the contrary.  But when o_e_l_e_o mentioned the word “blinded”, I just cannot resist seizing the moment to maybe, just maybe see my dream come true via Chipmixer’s existing position as a well-known, well-advertised, widely-respected mixer...  Well, dice are a popular use of Bitcoin, alea iacta est.)

malevolent
can into space
Staff
Legendary
*
Offline Offline

Activity: 2478
Merit: 1336



View Profile
January 07, 2020, 05:50:53 AM
Last edit: January 07, 2020, 07:04:18 AM by malevolent
 #17

VPN it's very hard topic to talk. For example, "quality" of the VPN as a service highly depends from country where you located and VPN company located. Example: I'm in Ukraine, and Ukraine don't have any diplomatic agency with Taiwan, so i can easily use Taiwanese VPN, because ukrainian police or intelligence agency can't force these VPN's to share information about me. I think you understand why so, countries and their services (like police) interact with each other through embassies or consulates. The only way is to use Interpol or some other such services.

On the other hand, it's not a good idea to use taiwanese vpn if you're from USA, because Taiwan is highly dependent of the USA.

Just because two non-hostile countries don't have official diplomatic relations between one another doesn't mean any cooperation can be completely ruled out. Depends on how much of a high-value target one becomes.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a a technical discussion on tor.stackexchange was cut short with extreme rudeness (archived):

Strange reaction, given that user's activity on tor.stackexchange. Maybe he had other reservations about creating new circuits such as extra load to the Tor network?

johhnyUA
Legendary
*
Offline Offline

Activity: 1470
Merit: 1235


Crypto for the Crypto Throne!


View Profile
January 08, 2020, 06:49:57 PM
 #18

Just because two non-hostile countries don't have official diplomatic relations between one another doesn't mean any cooperation can be completely ruled out. Depends on how much of a high-value target one becomes.

You're definitely right in your second sentence.If you're high criminal, countries will use supranational services, like Interpol. But without them it's really hard to get any information without embassies.

Also everything depends from what laws about information security are adopted in country where your VPN located. The best one is of course Switzerland

Bitcoin maximalist
Reinforce your privacy! List of bitcoin mixers. Use wassabi wallet or samurai wallet. And don't forget about PGP!
ChipMixer
Sr. Member
****
Offline Offline

Activity: 356
Merit: 293


ChipMixer.com | ChipMixerwzxtzbw.onion


View Profile WWW
January 12, 2020, 02:27:18 AM
Merited by nullius (5), LoyceV (4), malevolent (3), Foxpup (2), o_e_l_e_o (2), rdbase (1), hugeblack (1), amishmanish (1)
 #19

Well, sure, but i think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.
This is true unless we implement off-chain cryptography ie. blinded bearer certs. If we do - you can prove unlinkability without checking our code.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a a technical discussion on tor.stackexchange was cut short with extreme rudeness
Or they may be scared of being linked with "money laundering". There are still some people that using https or VPN is "hacking".

We have contacted nullius about developing Chaumian bank.

Last of the V8s
Legendary
*
Offline Offline

Activity: 1386
Merit: 2937


Be a bank


View Profile
January 12, 2020, 09:23:17 AM
 #20


We have contacted nullius about developing Chaumian bank.

Good news.

theymos started some discussion of chaumian e-cash a while back https://bitcointalk.org/index.php?topic=4703851.0
and there's been some developments since, linked by tiny moi further down and especially https://bitcointalk.org/index.php?topic=4703851.msg52856631#msg52856631

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!