ㅤ

[20kevin20]

What if:

• I don't have private coins?

Then get some if you are really that paranoid about testing for Sybil attacks.

You’re joking I hope. You said you are the solution to privacy for BTC. How do I get private BTC considering you’re the only option to get privacy coins? You’re either trolling or at this point you’re trying so hard it’s starting to become embarrassing for your case.

- me: I’m really hungry but there’s no place around to go eat
- Kruw’s logic: Then just go get some food if you are really that hungry bro

[1714247633]

1714247633

[1714247633]

1714247633

[BlackHatCoiner]

If they're sincere, then why are they requiring their customers to trust them with their funds in privacy instead of coordinating trustless noncustodial WabiSabi coinjoins?

Says the supporter of software which requires mass surveillance company's approval to have your coins mixed; which makes any coinjoin made my Wasabi objectively not trustless.

You would know because the coin is private, therefore it can't be refused due to its history.

There is nothing preventing the third party from refusing any coin, and thus, from refusing a private coin.

Then get some if you are really that paranoid about testing for Sybil attacks.

Great. I can't verify myself I'm subjected to a Sybil attack chain analysis attack, so let's buy some private coins from someone who can neither verify he's being subjected same like. 

How would the malicious coordinator know not to deny and replace your private coin along with every single other one?...

There is no malicious coordinator in my hypothetical scenario. There is a malicious third party (coinVerifier named in the source code), which can arbitrarily refuse to have some coins in the WabiSabi round. The third party can attempt to attack to my non-private coin by refusing to accept any other non-private coin, accept a small number of private coins, and fill the round with their coins. That would make it look as if it's a big coinjoin, but the third party will be able to de-anonymize it much more effectively.

In Wasabi, the coordinator initiates a request to a third party. Subsequently, the third party obtains the authority to approve or disapprove the coins participating in the coinjoin round. As a result, the entire coinjoin round hinges on the judgment of the third party. Could you explain to me how it makes sense for a coinjoin round to rely on a company that aims to de-anonymize coinjoins?

[Kruw]

Lmfao. "Use a different service to make your coins private before using them with Wasabi" is the best take I've heard yet.

Or, you know, just skip that second step and just use a different service altogether.

Yes, you can use a different service with the WabiSabi coinjoin protocol, even your own!  With just one click, you can coordinate your own WabiSabi coinjoins yourself to create private coins, the code is entirely open source  

You’re joking I hope. You said you are the solution to privacy for BTC. How do I get private BTC considering you’re the only option to get privacy coins? You’re either trolling or at this point you’re trying so hard it’s starting to become embarrassing for your case.

- me: I’m really hungry but there’s no place around to go eat
- Kruw’s logic: Then just go get some food if you are really that hungry bro

What is your complaint, exactly?  The WabiSabi protocol provides a way confirm the coordinator is not performing a Sybil attack.

Says the supporter of software which requires mass surveillance company's approval to have your coins mixed; which makes any coinjoin made my Wasabi objectively not trustless.

Objectively, WabiSabi coinjoins are trustless.  You do not have to trust the coordinator with your coins or your privacy.

There is nothing preventing the third party from refusing any coin, and thus, from refusing a private coin.

In which case you detect the attack from the refusal of the private coin.

Great. I can't verify myself I'm subjected to a Sybil attack chain analysis attack, so let's buy some private coins from someone who can neither verify he's being subjected same like. 

You can coordinate your own WabiSabi coinjoins yourself to create private coins.  The backend code is entirely open source.

There is no malicious coordinator in my hypothetical scenario. There is a malicious third party (coinVerifier named in the source code), which can arbitrarily refuse to have some coins in the WabiSabi round.

The party identified as malicious by these refusals would still be the coordinator.  Whether or not the coordinator is taking orders from another party about what coins to deny doesn't make a difference in regards to the attack being detected and defeated.

The third party can attempt to attack to my non-private coin by refusing to accept any other non-private coin, accept a small number of private coins, and fill the round with their coins. That would make it look as if it's a big coinjoin, but the third party will be able to de-anonymize it much more effectively.

This would mean the Sybil attack gets detected and didn't even have a 100% chance of success in the first place.

[BlackHatCoiner]

Yes, you can use a different service with the WabiSabi coinjoin protocol, even your own!  With just one click, you can coordinate your own WabiSabi coinjoins yourself to create private coins, the code is entirely open source

With clearly inferior anonymity set, as every Wasabi user is practically using zkSNACKs' coordinator. You can't expect someone who merely wants to enhance their privacy, to run a coordinator, given there's a monster with millions in liquidity. He can't compete. WabiSabi coinjoins are nothing with no such liquidity.

Objectively, WabiSabi coinjoins are trustless.  You do not have to trust the coordinator with your coins or your privacy.

I have to trust the coordinator for not attempting to perform a Sybil attack, and in the unnecessarily complicated case with zkSNACKs, I have to trust their chain analysis buddies with clear incentive to attack likewise, will neither attack.

In which case you detect the attack from the refusal of the private coin.

In which case I must have acquired one private coin without being Sybil attacked somehow.

You can coordinate your own WabiSabi coinjoins yourself to create private coins.  The backend code is entirely open source.

I can't create private coins myself. I can create private coins only if I will mix mine with other people's coins.

The party identified as malicious by these refusals would still be the coordinator.  Whether or not the coordinator is taking orders from another party about what coins to deny doesn't make a difference in regards to the attack being detected and defeated.

I know. That's why I took a hypothetical scenario where the coordinator isn't malicious. Even in that scenario, you have to be aware of the chain analysis company for not screwing the coinjoin up, with clear incentives that go against the coinjoin from happening uninterruptedly.

This would mean the Sybil attack gets detected and didn't even have a 100% chance of success in the first place.

How would it be detected, and by who? Surely not by the user, as they accept their coins can be disapproved and they gain no right to know why:

You acknowledge that zkSNACKs Ltd.'s decision to take certain actions, including suspending for any reason at our sole discretion, may be based on confidential criteria that are essential to zkSNACKs Ltd.'s risk management and security protocols. You agree that zkSNACKs Ltd. is under no obligation to disclose the details of its risk management and security procedures to you.

[20kevin20]

What is your complaint, exactly?  The WabiSabi protocol provides a way confirm the coordinator is not performing a Sybil attack.

Do you even read our posts or are you literally a bot repeating the same thing over and over to everyone? You said we need private coins to avoid a Sybil attack. Tell me how I can get those in the first place. How the hell am I supposed to get a private coin through Wasabi before using Wasabi? (btw it’s at least the third time I’m asking this question)

[Kruw]

You can't expect someone who merely wants to enhance their privacy, to run a coordinator, given there's a monster with millions in liquidity. He can't compete.

You are literally advertising a competing privacy service in your signature, what do you mean "He can't compete"?  It's obviously a massive red flag that "Whirlwind Money" has chosen to collect their customer's data and custody their coins instead of coordinating WabiSabi coinjoins with that liquidity, which are non custodial and do not reveal any data to the coordinator.

I have to trust the coordinator for not attempting to perform a Sybil attack, and in the unnecessarily complicated case with zkSNACKs, I have to trust their chain analysis buddies with clear incentive to attack likewise, will neither attack.

No you don't have to trust the coordinator, as I explained earlier, Sybil attacks by a malicious coordinator can be detected.

In which case you detect the attack from the refusal of the private coin.

In which case I must have acquired one private coin without being Sybil attacked somehow.

Yes, such as coordinating a WabiSabi transaction yourself.

I can't create private coins myself. I can create private coins only if I will mix mine with other people's coins.

You can coordinate your own WabiSabi coinjoin with peers of your choice to create private coins without anyone's permission.

I know. That's why I took a hypothetical scenario where the coordinator isn't malicious. Even in that scenario, you have to be aware of the chain analysis company for not screwing the coinjoin up, with clear incentives that go against the coinjoin from happening uninterruptedly.

It doesn't matter if a chain analysis company is providing data to the coordinator is malicious vs the coordinator themselves being malicious, clients recognize it as an attack by the coordinator anyways because the coordinator is the middleman that bridges the communication between the two.

How would it be detected, and by who? Surely not by the user, as they accept their coins can be disapproved and they gain no right to know why:

As I explained before, a malicious coordinator is detected if a private coin is rejected from registering.

What is your complaint, exactly?  The WabiSabi protocol provides a way confirm the coordinator is not performing a Sybil attack.

Do you even read our posts or are you literally a bot repeating the same thing over and over to everyone? You said we need private coins to avoid a Sybil attack. Tell me how I can get those in the first place. How the hell am I supposed to get a private coin through Wasabi before using Wasabi? (btw it’s at least the third time I’m asking this question)

You can get private coins without anyone's permission by coordinating WabiSabi coinjoins.

[20kevin20]

You are literally advertising a competing privacy service in your signature, what do you mean "He can't compete"?  It's obviously a massive red flag that "Whirlwind Money" has chosen to collect their customer's data and custody their coins instead of coordinating WabiSabi coinjoins with that liquidity, which are non custodial and do not reveal any data to the coordinator.

You are literally working with a dystopia-esque surveillance company. It’s obviously a massive red flag that “WasabiWallet.io” has chosen to censor their users and work with surveillance companies instead of keeping their moral levels high and not giving up their posture in the privacy segment of Bitcoin, which you definitely have.

How does Whirlwind Money collect their customer’s information?

Even if they did, they’d still be able to collect way less information than your partner Coinfirm collects and heavily analyzes to find identities and links.

In fact.. if you’re this sure there’s no privacy when using Whirlwind, MixTum or whichever other service, why do you call them competitors?

You can coordinate your own WabiSabi coinjoin with peers of your choice to create private coins without anyone's permission.

What are the chances I massively mess up my privacy during the coordination of a WabiSabi coinjoin with peers of my choice?

[BlackHatCoiner]

You are literally advertising a competing privacy service in your signature, what do you mean "He can't compete"?

Regular people who merely want privacy cannot be expected to setup an entire company themselves. That's nonsense.

It's obviously a massive red flag that "Whirlwind Money" has chosen to collect their customer's data and custody their coins instead of coordinating WabiSabi coinjoins with that liquidity, which are non custodial and do not reveal any data to the coordinator.

Custody is indeed a problem. As for customer's data, they will sometime implement blinded bearer certificates. Do you want to talk to us about the part where you literally fund mass surveillance firms with coinjoin fees?

No you don't have to trust the coordinator, as I explained earlier, Sybil attacks by a malicious coordinator can be detected.

If I already have private coins, which is not the case for the overwhelming majority of people who try Wasabi for the very first time.

You can coordinate your own WabiSabi coinjoin with peers of your choice to create private coins without anyone's permission.

And have inferior privacy, as the default coordinator contains orders of magnitude more liquidity than an average coinjoin with me and my peers. And even if I do coinjoin with them, and later on want to coinjoin with the default coordinator, I will still have to trust that the third party will approve our private coins afterwards.

It doesn't matter if a chain analysis company is providing data to the coordinator is malicious vs the coordinator themselves being malicious, clients recognize it as an attack by the coordinator anyways because the coordinator is the middleman that bridges the communication between the two.

Clients who have somehow acquired private coins beforehand can recognize that. Clients who merely want to improve their privacy while owning only non-private coins cannot recognize anything.

I mean both are true. Obviously the chain analysis firm cannot be trusted to approve which user is allowed to gain privacy, ergo is malicious, and zkSNACKs either, for attempting to allow from such company to gain that authority. Both zkSNACKs and the chain analysis firm are malicious.

As I explained before, a malicious coordinator is detected if a private coin is rejected from registering.

And to acquire a private coin, you need to firstly do a WabiSabi coinjoin, which requires to trust the intentions of a coordinator.

[witcher_sense]

It doesn't make a difference if Coinfirm is involved, the Sybil attack could be detected and interpreted as a malicious coordinator by clients the exact same way.

Either you are pretending you don't understand what attack vector I am talking about, or you don't understand how the software you are actively defending works under the hood. The "official" Wasabi Coinjoin coordinator doesn't perform their own blockchain analysis: it doesn't know in advance whether certain UTXOs are good or bad: it might be those attempting to ruin the CoinJoin process or those attempting to ruin the company's reputation. The latter type of UTXO is evidently more dangerous since it directly affects the company's well-being and income. Criminals, dissidents, opposition parties, journalists who dared to uncover inconvenient truths, and others are now considered sources of "naughty" coins: they should be detected early and denied mixing service, which is why the company begins sharing part of its income with "professionals" supposedly capable of telling bad coins from not-so-bad ones effectively. The company and its coordinator blindly rely on data coming from external closed-source API, and they have to trust everything they are told because of the design of CoinJoin software. When parts of your open-source software rely on closed-source sources of information, it can no longer be considered fully open-source and trustless: both a coordinator and its customers now depend on the blockchain surveillance firm not behaving maliciously. Coinfirm, a blockchain analysis company, acting in their own interests and approving only those coins they want to deanonymize is a potential attack vector that cannot be prevented or detected in advance.

"It can be very hard to understand something, when misunderstanding it is essential to your paycheck".

[n0nce]

Guys, there is no need to argue about the details.

I know, but it's quite funny to see that stubborness. I mean, he is genuinely attempting to persuade us that having a surveillance company decide who deserves to gain privacy is the optimal privacy technique. I can't leave that shit unchallenged. 

I understand that, and it is important! One big question mark for me (PR-wise) is why they fight critics to the bone instead of answering their questions. As far as I know, that's not how you get people who worry about the security and privacy of your product, to try it out..

My advertised service doesn’t promote themselves as the solution to Bitcoin privacy, doesn’t claim it’s non custodial or trustless. They’re sincere and at this point I much rather use them than your sketchy software.

If they're sincere, then why are they requiring their customers to trust them with their funds in privacy instead of coordinating trustless noncustodial WabiSabi coinjoins?  There's no excuse for them collecting the funds and data of their customers when WabiSabi allows them to provide trustless privacy to their customers.

Besides the fact that you should stick to the topic at hand (your own service), centralized services do have some inherent advantages. Of course, a trustless solution would be preferred, but centralized CoinJoin coordinators (as you have shown) also have the ability to spy and censor.
Please get it: no matter how often you repeat the words 'trustless privacy' and no matter how well that works for your usual audience, Bitcointalk isn't buying it.

I do believe they had the choice to be honest and tell their users they have to shut down & maybe start working on a new, decentralized product. But it seems like they chose to give in and start spying & censorship to be able to let the business continue as usual.

What is your design proposal for a new, decentralized privacy product?  I'm open to suggestions.

First of all: it's not my job to.. do your job. I don't have to fix your product. If you want to run a successful privacy product, it's your job to make sure it actually preserves and improves privacy.
Secondly; cancel all your contracts with blockchain analysis, authorities and whoever else is telling you to spy on users. Kill your central coordinator. Then build something without a central point of failure (technologically and organizationally).

What if:

• I don't have private coins?

Then get some if you are really that paranoid about testing for Sybil attacks.

How?
And does this mean I have to use a different Bitcoin privacy service, to be able to use your Bitcoin privacy service?
How do I even tell whether I have 'private coins' or not? Do you have a 'coin checker' tool? (not that I'd ever put my addresses in such thing..) We've had this discussion so many times now; 'naughty' may seem like a fitting term for you but whatever is immoral and / or illegal to you, is not to many others globally - maybe even the majority of people..

The "optimal privacy technique" is called the WabiSabi protocol, which is open source and able to be used by anyone.  "Having a surveillance company decide who deserves to gain privacy" is not a criticism of the WabiSabi protocol at all.

Cut the bullshit; we are obviously not criticizing Greg Maxwell's (!!!) 10-year-old idea of CoinJoin (which you're trying to rebrand to WabiSabi.. different story) right now, but the fact that you do pay a surveillance company to spy on your users. If you continue with these strawmans, you'll only make more of a fool of yourself than you already have.

Yes, you can use a different service with the WabiSabi coinjoin protocol, even your own!  With just one click, you can coordinate your own WabiSabi coinjoins yourself to create private coins, the code is entirely open source

With clearly inferior anonymity set, as every Wasabi user is practically using zkSNACKs' coordinator. You can't expect someone who merely wants to enhance their privacy, to run a coordinator, given there's a monster with millions in liquidity. He can't compete. WabiSabi coinjoins are nothing with no such liquidity.

Let's not forget that the option to change coordinator was hidden (even non-existing in GUI, from what I recall), at least when they transitioned from Wasabi 1.x to 2.x.

[o_e_l_e_o]

In which case you detect the attack from the refusal of the private coin.

Except you absolutely can't. If your coin is rejected, even if you think it is private you have no idea if you are being Sybil attacked or if Coinfirm have deemed your coins too naughty. Given that we have no idea what criteria Coinfirm use (you won't even confirm that it is Coinfirm that you are partnered with!) then it is impossible for users to make a judgement. Coinfirm could very well simply reject all coins coming from mixers or from other coinjoin protocols, in just the same way as many centralized exchanges who similarly partner with blockchain analysis firms. User have no idea if this is happening, and you won't tell them.

At least we agree on one thing. The solution to Wasabi's many flaws is "Get your privacy elsewhere." Lol.

Do you even read our posts or are you literally a bot repeating the same thing over and over to everyone?

All the points he is making have already been addressed multiple times. He just ignores everything he can't answer (which is most of it) and endlessly repeats the same bullshit.

Regarding setting up your own coordinator:

Running your own coordinator is outside the skill set of 99.9% of users and you know it, so maybe ease off on repeating that stupid soundbite.

In terms of third party coordinators - how much volume do they have?

(I know you are going to repeat your nonsense soundbite about "run your own coordinator" here, but as I explained above, that simply is not an option for 99.9% of users).

Still, why would I go through the effort of setting up a coordinator, having zero volume, trying to entice people to my coordinator, all so I can run inferior coinjoins with suffer from address reuse and identifiable outputs, when I can just run JoinMarket instead?

He never did answer the question about how much volume there is on third party coordinators. I wonder why...

[NotATether]

Coinfirm could very well simply reject all coins coming from mixers or from other coinjoin protocols, in just the same way as many centralized exchanges who similarly partner with blockchain analysis firms. User have no idea if this is happening, and you won't tell them.

Actually a lightbulb just lit inside my head - they could block Whirlpool coinjoin UTXOs for retaliation or something.

[FinneysTrueVision]

He never did answer the question about how much volume there is on third party coordinators. I wonder why...

Maybe because it's being offered by a third party.It's none of their business how much volume there is on third party coordinators. Anybody could be running a private coordinator that isn't advertised publicly and Wasabi would have no idea how much volume there is because they are not involved in any way. Volume isn't even what matters the most. You can still have a large anonymity set with a smaller amount of BTC. Wasabi could be mixing 1,000,000 BTC per day and a third party could be mixing 10 BTC per day but if Wasabi's 1,000,000 BTC belongs to only 5 whales then they will not be getting such great privacy.

Let's not forget that the option to change coordinator was hidden (even non-existing in GUI, from what I recall), at least when they transitioned from Wasabi 1.x to 2.x.

It only takes two clicks to access the config file. If there was an alternative coordinator you wanted to use it would only take a few seconds of effort to switch from the default one.

[o_e_l_e_o]

Maybe because it's being offered by a third party.It's none of their business how much volume there is on third party coordinators. Anybody could be running a private coordinator that isn't advertised publicly and Wasabi would have no idea how much volume there is because they are not involved in any way.

So if the third party coordinators are not publicly accessible, how is the average Joe going to use them? It would also be trivial for Wasabi to answer this question - just pull every Wasabi coinjoin from the blockchain, and then subtract their own ones. The fact that they don't tells you everything you need to know.

He can't tout "Use a third party coordinator" as the ultimately solution for every problem Wasabi has, when he knows fine well there are very few third party coordinators and the ones that exist have almost no volume.

And none of that does anything to solve the rampant address reuse, some coinjoin participants receiving zero privacy, or Wasabi grinding outputs in to dust as has been discussed elsewhere.

[BlackHatCoiner]

Maybe because it's being offered by a third party.

Or maybe it's because there are near zero such parties. Any reasonable Bitcoin user who wants to be a coordinator runs JoinMarket, because it's decentralized and doesn't come with default coordinators which clarify that they fund chain analysis with coinjoin fees, and which might not accept you in the round if you're "naughty".

It only takes two clicks to access the config file. If there was an alternative coordinator you wanted to use it would only take a few seconds of effort to switch from the default one.

It only takes zero clicks to have your coins coinjoined with JoinMarket with various takers, as the software automatically switches to another taker in case one denies to have you in your round.

[FinneysTrueVision]

So if the third party coordinators are not publicly accessible, how is the average Joe going to use them? It would also be trivial for Wasabi to answer this question - just pull every Wasabi coinjoin from the blockchain, and then subtract their own ones. The fact that they don't tells you everything you need to know.

He can't tout "Use a third party coordinator" as the ultimately solution for every problem Wasabi has, when he knows fine well there are very few third party coordinators and the ones that exist have almost no volume.

And none of that does anything to solve the rampant address reuse, some coinjoin participants receiving zero privacy, or Wasabi grinding outputs in to dust as has been discussed elsewhere.

Wasabi Wallet has worked fine for 99.9% of average joes, hence the lack of demand for alternative coordinators. That's not really on them if there's no alternatives or there's not enough volume. The solution is there, people just have to be willing to build it.

You would probably get a lot of false positives if you are relying on blockchain analysis to determine what is or isn't a WabiSabi transaction. Because WabiSabi allows mixing arbitrary amounts then a lot of muli-input transactions paying multiple addresses could be misidentified as being CoinJoins.

The address reuse issue has been discussed extensively since 2019. It's not that hard to go on Github, social media, and blog posts to see what was causing the issue and what measures were taken to prevent this from happening. Not every instance of user error or misuse can be prevented but I have not heard of this still being an issue besides a claim from a Samourai-ran twitter account where it actually turned out it wasn't a Wasabi coinjoin.

The grinding to dust accusation is not really something I had heard about so I haven't looked into what it's all about. The claim seems to be coming from Samourai so I would take it with a grain of salt since they are known to lie and exaggerate.

It only takes zero clicks to have your coins coinjoined with JoinMarket with various takers, as the software automatically switches to another taker in case one denies to have you in your round.

JoinMarket is great and a viable alternative to Wasabi. It actually has more volume than Wasabi and Whirlpool combined according to the most recent publicly available statistics that I could find. Using JoinMarket alone isn't enough to give you perfect privacy. There are several theoretical attacks which could happen on JoinMarket as well. According to their developer:

Joinmarket has never been something you can use in a simple way and expect defence against active attackers.

[o_e_l_e_o]

Wasabi Wallet has worked fine for 99.9% of average joes, hence the lack of demand for alternative coordinators.

There is a lack of demand for alternative coordinators because anyone with a shred of sense is not using Wasabi at all.

The solution is there, people just have to be willing to build it.

As I've mentioned before, why would anyone waste their time, money, and resources to set up their own coordinator, spend weeks or months advertising it and enticing people to use it, all so they can run flawed coinjoins, when they can just set up and use JoinMarket in a fraction of the time.

Because WabiSabi allows mixing arbitrary amounts then a lot of muli-input transactions paying multiple addresses could be misidentified as being CoinJoins.

Their amounts are fixed and therefore easily identifiable: https://docs.wasabiwallet.io/FAQ/FAQ-UseWasabi.html#what-are-the-equal-denominations-created-in-a-coinjoin-round

[n0nce]

Let's not forget that the option to change coordinator was hidden (even non-existing in GUI, from what I recall), at least when they transitioned from Wasabi 1.x to 2.x.

It only takes two clicks to access the config file. If there was an alternative coordinator you wanted to use it would only take a few seconds of effort to switch from the default one.

So there's not even a CLI flag or GUI option? I'm not saying editing config files is hard for me, but you are trying to tell us, realistically, average users are going go through their file system to locate a config file and then.. recompile? Or is it at least read out at runtime?

Do you provide any guides for that at least? What about running coordinators? Is that nicely documented and encouraged or do you simply use the fact that it's technically possible as an excuse to escape the fact that your product is fundamentally flawed, at least when used the way 99.9% of users are using it?


Let me rephrase: if the default way of using your ('privacy'!!) software has bad privacy, it's not your users' fault, it's your software's fault.

Wasabi Wallet has worked fine for 99.9% of average joes, hence the lack of demand for alternative coordinators. That's not really on them if there's no alternatives or there's not enough volume. The solution is there, people just have to be willing to build it.

If we define 'working fine' (you haven't, making your whole post very vague at best) as: 'have not experienced negative consequences after using Wasabi', this is a very weak argument.
The quality of a privacy solution is shown when someone actively tries to challenge it. Since most users realistically don't experience a situation where authorities or threat actors try to deanonymize them, in theory they could have just used no privacy solution at all and would have 'been fine'.
This is not the measure you should use when evaluating Wasabi. You should consider what happened if someone 'went looking'. Realistically, they would pay Coinfirm their regular fee and easily buy the information they need for further analysis.

[Medusah]

I am going to completely ignore the recent discussion.  I do not think there is anything more to say.

If some Wasabi contributor can answer me the following questions, I would be glad.

• What are the weaknesses of the WabiSabi protocol?  Is requiring a centralized coordinator the exclusive disadvantage in comparison with JoinMarket? (excluding the liquidity of JoinMarket which is greater)
• If JoinMarket implemented WabiSabi coinjoins (as an alternative method to coinjoin in their software), what would be the point of using Wasabi wallet?

[Kruw]

How does Whirlwind Money collect their customer’s information?

By linking the depositor's address with their withdrawal destination.  Coinjoin coordinators are not trusted with their customer's data and are not trusted with depositor funds, so it's clear that Whirlwind is acting maliciously by choosing to act as a trusted third party instead.

Regular people who merely want privacy cannot be expected to setup an entire company themselves. That's nonsense.

You don't have to setup an entire company, you just have to find other peers who want to coinjoin with you.

I will still have to trust that the third party will approve our private coins afterwards.

The point of owning the private coin is so you can verify the coordinator is not performing a Sybil attack on your non private coin, there's no trust at all.

Either you are pretending you don't understand what attack vector I am talking about, or you don't understand how the software you are actively defending works under the hood.

Go ahead then, explain what attack vector you are talking about since I've already explained how the Sybil attack vector is detected and defeated.

I understand that, and it is important! One big question mark for me (PR-wise) is why they fight critics to the bone instead of answering their questions. As far as I know, that's not how you get people who worry about the security and privacy of your product, to try it out..

What question do you have about the security and privacy of the WabiSabi coinjoin protocol?  I'm happy to answer.

Besides the fact that you should stick to the topic at hand (your own service), centralized services do have some inherent advantages. Of course, a trustless solution would be preferred, but centralized CoinJoin coordinators (as you have shown) also have the ability to spy and censor.

That's not true, the coordinator does not know which inputs belong to which outputs in their coinjoin transactions, so they do not have the ability to spy like a centralized mixer does.

Please get it: no matter how often you repeat the words 'trustless privacy' and no matter how well that works for your usual audience, Bitcointalk isn't buying it.

What part of it don't you understand?  Coinjoins are completely non custodial and do not require you to trust the coordinator with your data.

First of all: it's not my job to.. do your job. I don't have to fix your product. If you want to run a successful privacy product, it's your job to make sure it actually preserves and improves privacy.

WabiSabi coinjoins do preserve and improve privacy, you can verify that for yourself:  https://mempool.space/tx/d465033214fd2309dcce5a90c45fcaa788aa4394ee36debe07aad8d8a37907d2

And does this mean I have to use a different Bitcoin privacy service, to be able to use your Bitcoin privacy service?

No, anyone can coordinate their own WabiSabi coinjoins.

How do I even tell whether I have 'private coins' or not?

Coinjoin them.

Let's not forget that the option to change coordinator was hidden (even non-existing in GUI, from what I recall), at least when they transitioned from Wasabi 1.x to 2.x.

This isn't true.

Except you absolutely can't. If your coin is rejected, even if you think it is private you have no idea if you are being Sybil attacked or if Coinfirm have deemed your coins too naughty..

You would know there is no reason you could be rejected because the coin is private.