blindmixer.com - CLOSED

[blindmixer]

Hello all.

This thread will serve as the ANN thread for blindmixer.com

blindmixer.com

For those who think the layout and content seems familiar: you're right. We are a rebranded version of the moneypot software, however we are a completely seperate entity. Moneypot is discontinued as far as we are aware.

blindmixer.com - Next-gen mixer | Chaumian Bank | Lightning | Blinded-Sig |

In short: blindmixer works both as a mixer and a wallet, but should really only be used as a  wallet to facilitate the former, given that blindmixer is fully centralized. blindmixer uses blind signatures to ensure that your inputs and outputs are cryptographically unlinked. Even we do not know which inputs originally belonged to you when you withdraw!* No other centralized mixer does anything close to this currently!



Apart from provable privacy we offer some additional unique features, most of which we can offer because we are a centralized entity:

• blindmixer utilizes in-house coin selection algorithms, allowing us to not only batch transactions at scale, but we are also able to make the smartest* choices when selecting inputs.

• blindmixer brings lightning to the average Joe. No longer will you be required to set up your own node, or use a separate wallet for your lightning transactions. blindmixer allows you to pay and generate invoices from the comfort of the same wallet.

• blindmixer is provably-honest. We will be unable to get away with duping any single person.**

• blindmixer offers their service at cost. Apart from very limited anti-dusting fees, all of blindmixer's services are ran at cost. There are no hidden fees.***

• blindmixer allows instant and free transfers between users.

* In comparison to the standard core selections.
** Every action both by the user and the custodian that involves funds requires a cryptographic signature, thus proving the intent of both parties at all times. Example: the user signs a claim-request (claim-request: request for (blinded) coins) for a hookin (on-chain deposit) with the public key of the address the hookin was made on.
*** blindmixer wipes the custodian at set intervals. This is both to make
A. money,
B. exit scamming less lucrative,
C. exploiting vulnerabilities less profitable.




What are the drawbacks?!

• blindmixer is still a custodial and centralized mixer. Through malice, error, or other causes, your funds* could potentially disappear at any given time, without you being at fault. *Your funds as in the collective of all of the users of a custodian. we previously explained it would be impossible for us to dupe a single user without it being proveable!
  

• blindmixer is a complex object. there may be unspotted vulnerabilities in the code which can cause a loss of funds, especially in the first few iterations. Be wary that any funds you deposit can be lost at any time, as we are too. There may be trivial exploits in the custodian code that allow for a complete draining of the custodian, such as a missed signature check.

In what scenario would I use this mixer?

We think blindmixer is to be fully appreciated when used as your day-to-day wallet. Used correctly, a transaction costs as little as a regular input. And that's not even mentioning the ease with which you can use our lightning services to pay for any service or everyday goods, all while retaining full privacy.


FAQ:
 Why should I trust you with my bitcoins?
   - You should not. Everyone needs to assess the risk they're willing to take with their coins, and we hope we offer enough to make it worth it for you to take that risk. There is no compelling argument we can make as to why we are worthy of safe-guarding your coins, because really, we aren't.

For more frequently asked questions, you can visit our FAQ


How exactly does blindmixer work?

In technical terms: blindmixer takes the bitcoin you deposited, and returns to you a claim to a set of coins equal to the deposited amount. Only you have the keys to those coins, and you use them each time you want to make a transaction. Due to how blindmixer works, we do not know your coins, nor the keys. We only know whether or not they are valid, and whether you are the actual owner of them.

For more detailed information, please check out: Overview


How to use:

Step 1. Visit mixer.blindmixer.com

Step 2. Choose a custodian.

Step 2.1 Choose both a password and a name. Save your password and mnemonic phrase!

Step 3. Deposit bitcoin through either lightning or a normal transaction.

Step 4. Start mixing!


Electron
blindmixer also offers an electron shell, should users be interested in using that. We think it could be of benefit to both your privacy and security.

For more information, please visit Releases



Source code

For those interested in the source code, our github repositories are publicly accessible. You are welcome to contribute or point out bugs.

For those who spot critical security vulnerabilities; please PM us here on bitcointalk or send an email to our support. No monetary compensation is guaranteed, though it is highly appreciated!

blndmxr-mixing-wallet
blndmxr-lib
blndmxr-wallet-electron
blndmxr-custodian


If you still feel uncomfortable, get a feel for the wallet by using our testnet custodian:

(UPDATED: 2022-06-1)

Code:

https://mainnet.blindmixer.com/#pubmp1qd3ahjyuxu5jv7ekvwdz6asjmud0mcvhu8qtml6ju36fck5av4l9x7lkrf0

Code:

http://testnet.blindmixer.com/#pubmp1qf98kxatpw43mqjft6j72dps5wn66yzp47k3zm0yn4skhedv32x5sphklj2

Rollover date of both custodians:

Code:

2022-01-01T04:00:00.000Z

Our pgp key:

Code:

1CE3A7D242752B9470F6585F91233C865A2CAC09

Code:

curl https://keybase.io/jameslemarkven/pgp_keys.asc | gpg --import

Latest wallet file as of 2022-28-04

Code:

https://mixer.blindmixer.com/main.3b3a02afbe328e2366eb.js#7fWgpIBtNrbSUMNkB1aVSA9bWnRyEqw0NogHk7V4FaY=

Verify the checksum using

Code:

shasum -b -a 256 main.3b3a02afbe328e2366eb.js | awk '{ print $1 }' | xxd -r -p | base64

(UPDATED: 2022-28-04)
Or verify using the signature on our website (note: you can't directly copy this, please see https://blindmixer.com/releases)

Code:

-----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQc46fSQnUrlHD2WF+RIzyGWiysCQUCYmrw5QAKCRCRIzyGWiys CZnQAQCPuuLObmXHMy4KdmbjuuD2k2iZ3BJVMUoiadY3+5AhZwD8CojLdCnRaB3N AdZklGxOpLN1+cmMnVz8qyfrJGnoNQY= =bafc -----END PGP SIGNATURE-----

Once downloaded:

Code:

 gpg --verify blindmixer_wallet_url_v1.0.0_sig.asc main.3b3a02afbe328e2366eb.js

Commonly asked questions:

A. You use cloudflare, isn't that bad for my privacy?
Answer: Only if you weren't using blindmixer properly to begin with. If you do not use a different ip between asking for a withdrawal and asking for acknowledgement of a deposit, we will most likely be able to link your in- and outputs together. As we see the custodian as the primary attacker, preventing this secondary attack vector on your privacy does not interest us greatly.

Why?

Because we do not want you to require any *blind* trust* in us in the first place. Removing cloudflare would probably have the opposite effect: users will more often than if we didn't remove cloudflare trust us to not log their ips, which is bad given that we CAN log it, undetectably. It's a good rule of thumb to expect that anything that can be logged will be logged. And so removing cloudflare does nothing to prevent us from logging your ips, but instead give some users a false sense of security, especially those who do not assume that the custodian is "evil", which is something you should always do. And so removing this vector while leaving the primary attack vector in place (us) does not make a whole lot of sense given the benefits of cloudflare.

*Again, some level of trust is required, but where trust is required, you can verify that we are acting honestly, until we are not in which case it will become apparent and proveable. This is not the case for logging ips, as you will never be able to prove or disprove this, so you should never trust us not to log it.

Keeping cloudflare in that regard might actually promote privacy, or at least make users more acutely aware of the lack thereof.

B. You speak of tor so much, yet blindmixer does not work in the tor browser?
Answer: Indeed. the tor browser does not give us (as far as we are aware) sufficient access to instances such as indexeddb, which are required to properly store data related to your coins such as signatures. The very nature of the tor browser (amnesiac) does not make it a prime candidate to be used in combination with blindmixer, as you'll have to restore your coins each time you close your browser. (both takes a long time and can easily deanonymize your inputs/outputs)
It will also not work without javascript, as we do all the signing to ensure fair communications client-side. You can however use any of our electron builds, or route traffic through tor on your regular browser.

C. How do you make money?
Answer: We wipe the custodian every so often. This means that all the funds that are still present in the custodian at that moment in time, we claim for ourselves, and the signing keys will be regenerated. This has some significant advantages:
I. We can run our services at cost. II. We are disincentivized to exit-scam. III. Other users are disincentivized to exploit our software (and more likely to report it for a share of future profits), as there'll be less funds present than if we weren't to rollover given that over time there will be a set percentage of users who will forget about their wallet, not care, or are otherwise unable to access it.

In your mixing wallet, you can see exactly when the wipe is scheduled for your custodian (https://mixer.blindmixer.com/, once logged in head over to "FAQ"), and we also mention it above (see: Rollover Date)

(UPDATED: 2022-06-1)
C. How do you make money?
Answer: We decay unclaimed coins every single month. In short: Every 4 weeks all outstanding giftcards will have their value reduced by 0.01 (1%) with respect to their original value. There is a 1 month grace period before any decay is applied so that you will always have at least 4 weeks to spend your funds without any additional fees.

Currently known issues:

• Custodian can dupe people who try to recover their lightning invoices by telling them they don't exist or don't belong to the claimant. However if you have a locally stored copy of the invoice this will be trivial to prove, so in general it would not be in our interest to claim this as we don't know whether you have a copy or not. (thus making it possible to prove the custodian is acting dishonestly)
  

Please ask us any and all questions you might have! We're just as curious as you! Try us and let us know what you think!

[1714071956]

1714071956

[1714071956]

1714071956

[ThatsMod]

I took the blinmixer domain in a telegram to avoid the tricks of scammers in the future.
If you need it, I'll give it to you, if not, I'll just borrow it on an inactive account.

I looked at the source codes of the wallets and it seemed to me that everything was pretty clean and simple. I hope you will succeed.

Good luck.

[dkbit98]

I really don't see any real advantage of using your wallet compared to centralized exchange, and we can argue that it's much bigger chance of you getting hacked and customers losing money.
Depositing to some centralized service like blindmixer just to save on fees is so stupid and could cost you much more down the line.

blindmixer brings lightning to the average Joe. No longer will you be required to set up your own node, or use a separate wallet for your lightning transactions. blindmixer allows you to pay and generate invoices from the comfort of the same wallet.

This is nothing special to blindmixer, many lightning wallets are custodial and they don't require from users to set up own nodes, but that is much less secure and users have no control over coins.

Help! I have to trust blindmixer and/ or the custodian operator blindly?
Unfortunately, yes...

https://blindmixer.com/faq

That means that custodian can change dates, make wipes whenever he wants, so it's more like you are keeping coins with some gambling gangster and you need to trust him.
You can even receive your own coins back, that is unacceptable if we are taking about mixer, so this word should be removed from your service, it's just a centralized gambling wallet.

Domain registered recently:

Domain Name: BLINDMIXER.COM
Registry Domain ID: 2637908424_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2021-09-25T15:40:46Z
Creation Date: 2021-08-31T21:19:47Z
Registry Expiry Date: 2022-08-31T21:19:47Z
Registrar: NameSilo, LLC

[blindmixer]

I really don't see any real advantage of using your wallet compared to centralized exchange, and we can argue that it's much bigger chance of you getting hacked and customers losing money.
Depositing to some centralized service like blindmixer just to save on fees is so stupid and could cost you much more down the line.

It's not the primary goal of blindmixer, but it's an additional benefit: Of course, the main reason to use blindmixer is to mix your coins.

and we can argue that it's much bigger chance of you getting hacked and customers losing money.

No one is arguing against this. I stated this risk in the OP multiple times.

I really don't see any real advantage of using your wallet compared to centralized exchange,

I don't see any centralized exchanges offering provable- privacy/nologs on your in- and outputs? We're not at all comparable, not in the slightest? Sorry if this is your main takeaway from this thread i'm honestly confused if it's us who worded it poorly or if you just do not at all understand the purpose of this service.

This is nothing special to blindmixer, many lightning wallets are custodial and they don't require from users to set up own nodes, but that is much less secure and users have no control over coins.

Again, this is not the main focus of blindmixer. Of course there are other more secure lightning wallets out there. that's not at all the point. Should I rephrase it to read less enthusiastically and more like a footnote? It's just an addition that's easy for people to use who aren't too familiar with lightning. Ideal for beginners who would like to enjoy privacy without too much hassle. I myself thought it seemed pretty neat for a mixer to have that property?

Help! I have to trust blindmixer and/ or the custodian operator blindly?
Unfortunately, yes...

https://blindmixer.com/faq

That means that custodian can change dates, make wipes whenever he wants, so it's more like you are keeping coins with some gambling gangster and you need to trust him.

The custodian can also run off with your funds at any point, indeed, as any other centralized mixer can. I think we are making this very clear in the OP, no?

Help! I have to trust blindmixer and/ or the custodian operator blindly?
Unfortunately, yes...

Though this is worded a bit poorly because indeed, you need to trust us blindly as a collective to not run off with your funds, but you can also prove that we are acting dishonestly in most if not all cases. For example say we sneakily changed the wipedate: if you go to your config (https://mixer.blindmixer.com) you will see both a hashed version of your config + signature + original acknowledged wipedate that is signed using the public key mentioned in the OP (after the #)

You can even receive your own coins back, that is unacceptable if we are taking about mixer, so this word should be removed from your service, it's just a centralized gambling wallet.

I don't think you quite understand what we are offering and that the implications of that (real privacy) are exactly what can result in such a scenario. Precisely because we do not know which coins belong to you is the reason you can get them back.

that is unacceptable if we are taking about mixer,

I think you also fundamentally misunderstand what it means to "mix" your coins, or at least our definitions must differ significantly.

Really what (we think) it means to "mix" your coins (on-chain) is to create an uncertainty for any third party (or us) to conclusively say which inputs/outputs belong to you. This is partly explained in our FAQ:

Though perhaps we need to further redefine what unlinkability means. If we speak of something being unlinked as there being a statistical improbability of A (provably) being related to B, then of course it would seem highly unlikely that an on-chain input that has been reused a large number of times (but has not been unlinked in the literal sense of the word) for example: (A -> B -> C -> D -> E -> F), would necessarily trace back to you.

For example: Imagine input A with 50 BTC. It becomes aggregated input B with 100 BTC, and so on. Input C with 40 BTC. Input D with 200 BTC. Input E with 100 BTC. Now you withdraw 20 BTC, call it F. As long as you don't withdraw the exact same amount (or a close division of it), despite a linked chain, it does not at all imply that A is necessarily related to F. Not to an observer, and not to us. thus plausible deniability is achieved, and with that privacy.

Now we don't control this: How long until and what amounts you withdraw is entirely up to you, and largely with that your privacy.

^^An easier example is if we were to take 100 different inputs of amounts varying 0.01 - 1 btc of which some number belong to you, pile them all up. Now withdraw 0.1 BTC. Now what would the probability be that someone correctly guesses which inputs originally belonged to you? There's still a linked chain, in a sense you're getting your own inputs back.

So sorry, I will not allow you to portray us as a centralized* "no different than an exchange" "gambling" "gangster" "wallet", when really, we're a centralized mixer with provable privacy (you do not need to trust us not to keep any logs, unlike all other centralized mixers) and proveable honest communications.

(Okay, apart from gangsters... I guess you could call us gangsters given the lack of rep we have . We fully recognize it's good to be fearful.)

*In that regard we are absolutely no different than the service you are promoting, except with us you know that A. we don't can't (reasonably) keep logs. and B. we cannot dupe any individual user without it being provable. And of course we offer some additional features which we think are nice, but you seem to disagree. Unfortunate..

That means that custodian can change dates, make wipes whenever he wants, so it's more like you are keeping coins with some gambling gangster and you need to trust him.

No one is forcing you to keep your coins with us. You can withdraw immediately after depositing. Just like any other centralized mixer there is indeed a risk we could exit-scam.

Domain registered recently:

Domain Name: BLINDMIXER.COM
Registry Domain ID: 2637908424_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2021-09-25T15:40:46Z
Creation Date: 2021-08-31T21:19:47Z
Registry Expiry Date: 2022-08-31T21:19:47Z
Registrar: NameSilo, LLC

Not sure what this is supposed to prove either. Yes, we are a new service. You should treat us with caution as you would do with any other centralized entity. What, you wanted us to own this domain for several years? What exactly would that prove? I'm thoroughly confused.

Sorry if this post came off as harsh, not at all my intention. Just trying to clear up as much confusion as possible. And so yes, I fully understand that it might feel risky for people to entrust us with their funds. That's completely understandable and we also would've rather seen it differently, though the very nature of this scheme requires at the very least us to have custody over your funds.

Again, we fully acknowledge that there might be future exploits/hacks, and that we as of yet don't have any sort of respected presence in the community, and with that the perceived and real risk of depositing funds with us. Don't think we're at all sugarcoating it.

We also understand that there's not much reason for the community to support such a new project as us when there's no real monetary reward for doing so, so we'll think about that as well.

[dkbit98]

Not sure what this is supposed to prove either. Yes, we are a new service. You should treat us with caution as you would do with any other centralized entity. What, you wanted us to own this domain for several years? What exactly would that prove? I'm thoroughly confused.

I was not trying to prove anything, just posted information that you purchased domain recently, and I would hardly call your service new, when it's totally cloned word to word from old dead moneypot wallet website.
For any mixer to be functional it needs to have good liquidity and I am sure your blindmixer (including ex moneypot) never had any liquidity, but you are free to prove me wrong.
I could be only one using the wallet and since there is nobody else sending coins, I would always receive my coins back, in case custodian decides to scam me, than I end up with nothing.

The custodian can also run off with your funds at any point, indeed, as any other centralized mixer can. I think we are making this very clear in the OP, no?

Maybe, but I would argue that risk is much higher using your website that is still in beta, than some proven mixers that exist for years.

(Okay, apart from gangsters... I guess you could call us gangsters given the lack of rep we have Tongue. We fully recognize it's good to be fearful.)

Fearful of what? Surely not about some dead blind project...
I didn't know what better term to use for custodians than gambling gangster, and that is nothing personal against your service, and I didn't know how better to describe when someone can break the deal whenever he wants.

[LoyceV]

I don't think many people will want to use a wallet that takes all their money every few months! Even though you announce it up front, this will likely end in terrible disappointment for some of your customers.

The fact that your wallet/mixer doesn't work in Tor browser isn't encouraging. There's much more to browser identification than just a new IP address, and Tor browser is much easier than booting up a different VPN.

From your fees section:

It looks vaguely familiar, did this overview come from Moneypot? What does "eco" and "free" mean here?
You're comparing your fees to "Any Wallet", but use ridiculously high fees to compare with. My wallet doesn't have a receive fee, and my last send fee was 111 sat. No decent wallet charges 49368 sat for a transaction.

I was hoping for an easy implementation of "theymos' Blinded Bearer Certificates".

[blindmixer]

I was not trying to prove anything, just posted information that you purchased domain recently, and I would hardly call your service new, when it's totally cloned word to word from old dead moneypot wallet website.

Is there any other mixer offering what we are offering? I'd say we are pretty new both in terms of the actual age of our product (not sure why that would matter anyway) and technical advances.

For any mixer to be functional it needs to have good liquidity and I am sure your blindmixer (including ex moneypot) never had any liquidity, but you are free to prove me wrong.

I'm not so sure what you want me to answer; moneypot was barely live (< 3 weeks) and we barely launched yesterday. It seems obvious that it will indeed take some time for people to actually use us (if indeed they will use us at all) and understand what we're about.

And yes, I'd say that you're mostly wrong. For simply mixing your funds:  You can deposit funds on-chain and withdraw them off-chain, or do a combination of both (use reverse submarine swaps**) which works as follows: you use our lightning capabilities to pay an invoice with any reverse swap provider to get your on-chain funds back.
If there is an actual interest in this we can open additional channels to facilitate these swaps.

Anyway, voila your coins should be mixed.

** see sites such as boltz.exchange

You can check how much our lightning capabilities are before depositing, so you can roughly estimate how much you can mix in a single session. Now of course we need to loop those funds back in sooner or later to get our outbound liquidity back. A smart observer might take notice of that though I presume that observing that relationship is a very hard problem given that this is actually unlinked + we can vary amounts + we can vary timing (and you can vary swap providers + the aforementioned)

For even less dependence on our outbound liquidity you can also swap in with provider A (so you generate a lightning invoice with us, pass it to provider A and pay him on-chain), then reverse swap out using provider B. (or A). That wouldn't require us to have any liquidity at all. Now if you're the only user doing this it might at some point become apparent, but given that there's at least one other user also doing this you should be fine.

Now you'll probably say that you don't need us to do this, which is true. you can also just pay an invoice at reverse swap provider B using swap provider A, assuming that they won't communicate with each other about your swaps. That assumption is probably fine if you're not under too much scrutiny.

Or you know, open a channel yourself, loop the initial balance out, and use that to swap.

Maybe, but I would argue that risk is much higher using your website that is still in beta, than some proven mixers that exist for years.

I get your reasoning, though personally I don't think it is at all fair to 1-1 compare us to other mixers given that we offer (or so we think) a radically new and different product. We are not just distinguishable by some formula "the amount of time not exit scammed * mixed * spent on the community" (=reputation) (like any other centralized mixer) else we obviously wouldn't have launched this service. There wouldn't be much way for us to compete.

Fearful of what? Surely not about some dead blind project... Roll Eyes

I said or at least very obviously meant (given the context of the sentence) that I think in general (and with blindmixer) it's good to be fearful of the intentions of new services so not so sure why you're trying to zing me over an argument I never made.

I don't think many people will want to use a wallet that takes all their money every few months! Even though you announce it up front, this will likely end in terrible disappointment for some of your customers.

You're right, though I think we can partly attribute it to people thinking of us being a "wallet" wallet, which is not really the case. Poor marketing from our side but it should become extremely clear that we're not at all a wallet in the traditional sense of the word, and more of an intermediary. say like a giftcard (provider). Those expire.. well sometimes at least  

Also it would become very attractive for us to exit-scam as it is just a given that there's funds that will be left by some % of users. Perhaps if we offer the community a share in this it might become more acceptable? (the rollover profits that is)

It's also great to have these kind of cut-off points so that when a breach happens, there's not years worth of deposits lost, but instead it is contained for some period. As once we're breached, an attacker could sign for any voucher, basically invalidating all outstanding ones.

It looks vaguely familiar, did this overview come from Moneypot? What does "eco" and "free" mean here?

Yes, most if not all of the landing page comes from moneypot.

It should perhaps be "Any Exchange".

Eco: In the next 6 blocks (Any wallet is calculated as 6blocksfee p/WU * 561, ours is 6blocksfee p/WU * 31 * 4

Free: ours is a fixed 100 sats, "Any Wallet" is 561 (WU for 2 outputs 1 input) * 0.25 (I see now it should've been 0.25 but it is instead 1..)

It looks like the service we use for this section does not really update their fees anymore, so the feerate is undoubtedly out of date.

I was hoping for an easy implementation of "theymos' Blinded Bearer Certificates".

I think this is exactly what we are, plus additional features. You have the client component which is the wallet (which can be loaded into Electron (works on most OS!), or any browser with storage capabilities), and then you have the custodian, aka "server".

Note that the wallet is completely open-source, you can build it yourself if you'd like. Not sure if the build is deterministic though.

I see that the scheme described by theymos also has a pretty decent flaw: repudiation. there's no way to check if the server is acting honestly, as that requires additional signatures to everything (and or some tricks to deriving the signing address), which is exactly what we did.

For example in his basic implementation the server can spend party C's unblinded vouchers as soon as it becomes aware of it and it can never be cryptographically proven by party C that they didn't initiate the transfer.

I think it's very hard to simplify it further without diminishing UX and security. It's impossible to do this without Javascript/some storage capacity, so really, how could we make it more accessible and more "traditional-mixer"-yy? I get it, most people want just a landing page without JS that's accessible through the tor browser, but this is just not possible / secure.

This would be the bare minimum scheme:
I. say we do the above (noJS, noIDB) and you deposit. the deposit address is already generated server-side without some form of acknowledgement (so you lose honest communications, at least in blindmixer's implementation), as asking for an ack needs some random key E that you'll need to generate, and a signature you need to store (in case the custodian refuses to credit you).
**

II. Now you have a claim to some C bitcoin in certs that is unbounded so it does not require any sort of key E, so the custodian can steal your certs the moment he becomes aware of them , by simply saying "Oh, someone else already claimed these".

III. How would you claim this? You still need to engage in a signing session for some of the servers public keys BS[10$, 25$, 50$]. that requires some nonce and some operations using that nonce. (that's just the unavoidable nature of the scheme) So should we in this case just display the nonces so you can copy them in a third-party tool to compute the challenge, copy that back to receive your blinded vouchers, which you can then copy and unblind using the same third-party tool to finally claim your funds?

It's not user-friendly at all, especially if you're not that technical.

But hey, what if instead of this third party tool, you use our "tool" which we call a "wallet"?
Above is explained a bit uglier than I would've liked, TLDR: Not sure how to simplify our implementation further.



I really want to simplify using us as much as possible. I'll look into if it's possible to load parts of the wallet's DB in memory so it can be used with the tor browser, though it's probably a lot of effort (not worth it really).

[AB de Royse777]

I use Chipmixer when I need to mix my coins.
From my Electrum (tor enabled) I send the coins to Chipmixer, Chipmixer to another address which I consider very private to me. In the whole process, I only pay network fees, from my public wallet to Chipmixer and Chipmixer to private wallet. If I feel good, then I may send tips to Chipmixer.

I see you are a wallet and a mixer. Let's dive into the wallet part later. Give me reasons why would I use your mixer when I already have a proven and reputed service in my reach. It's a question from a customer's point of view. I am sure who use mixers they already are with some services, what is your key offering for the users to move to you?

By the way, a lot of information on the main thread. I think you really need a good design to serve visually, it's easier for the visitors to give a quick scan before they look for details. If you need help in it along with bitcointalk marketing (for example signature campaign), then feel free to reach out to me.

[blindmixer]

I see you are a wallet and a mixer. Let's dive into the wallet part later. Give me reasons why would I use your mixer when I already have a proven and reputed service in my reach. It's a question from a customer's point of view. I am sure who use mixers they already are with some services, what is your key offering for the users to move to you?

Hah. A couple things right off the bat; we are not necessarily trying to get people to "move" away from already existing services. I think we can perfectly co-exist with any (mixing) service currently out there.
Now, assuming that we have *some* liquidity (liquidity in this context = some N of people using us), I think we offer a truly unique product namely "provable privacy". Due to our usage of blind signatures we do not know what your inputs and outputs are, unlike traditional mixers. So depending on the amount of privacy you want, (and how comfortable you are with using a relatively unknown product) you can use an already existing more traditional mixer, us, or something like monero.

Now aside from that we also offer lightning, so say you want to buy something at Bitrefill every so often, you can use our wallet to instantly buy products with barely any transaction fees.
it follows that you can also use the same lightning invoices to internally pay other blindmixer users.

Now we're a "wallet" because that is the most convenient way to integrate the entire blind signature scheme. Both to generate and use (un)blinded vouchers you need to engage in some signing sessions, store some variables, that kind of stuff. As i explained above the scheme cannot exist otherwise.

We can't just give you your blinded signatures without you generating them (the challenge for it) first, which is something that's sort of similar to generating a private key in terms of confidentiality, and storing the variables you used to create the challenge as you'll need those to unblind the signature later on. So we created a "wallet" that does all of the above for you.

By the way, a lot of information on the main thread. I think you really need a good design to serve visually, it's easier for the visitors to give a quick scan before they look for details.

Right.

If you need help in it along with bitcointalk marketing (for example signature campaign), then feel free to reach out to me.

Hah. Perhaps. What we are definitely interested in is giving the community a stake in our profits, so say we give away 50% or more to people who are interested in it, for really nothing in return but some advertising.

I don't think we want to necessarily do that through a sig campaign as such promises are cheap and will probably underwhelm, so perhaps all users who "sign up" (= leave a comment) for it are automatically eligible, much like a giveaway.
Then just (real profits/2)/(amount of people who signed up). Now this will of course be auditable (by us publishing a "complete"* copy of our DB).


* Not entirely sure if we can cheat on this by deleting certain entries from the DB, perhaps that's a possibility.

[AB de Royse777]

Now aside from that we also offer lightning, so say you want to buy something at Bitrefill every so often, you can use our wallet to instantly buy products with barely any transaction fees.

When I am using your wallet, I am actually sending the coins from a mixer all the time. Fair enough.

it follows that you can also use the same lightning invoices to internally pay other blindmixer users.

Can I not make Lightning Payment to anywhere?

so perhaps all users who "sign up" (= leave a comment) for it are automatically eligible, much like a giveaway.

But you still need advertising, don't you?

[blindmixer]

it follows that you can also use the same lightning invoices to internally pay other blindmixer users.

Can I not make Lightning Payment to anywhere?

Yes you can! With the same privacy as an on-chain withdrawal.

But you still need advertising, don't you?

We do, but we are largely just a bunch of hobbyists. As a result the marketing budget for this project is rather tight. Perhaps in the future this might change.

As I said, within the bounds of what is possible for us financially we're willing to do anything to ensure adoption.

Currently that would be kind of limited to committing to sharing future profits with the community, which is admittedly a bit cheap, especially if we were to use that as some kind of currency to pay people in given the uncertainty of the success of our product.

Hence the hesitation.

[Bill Gates]

Following is taken from your portal @ https://blindmixer.com/fees

Since we are not collecting profit from these fees, our business model is based in locking in the bitcoin deposited in the system and not withdrawn for 12-24 months.

WTF does this mean?

You'll take my Bitcoin, if I don't touch it for a year?

[blindmixer]

Note that the on-chain fees listed are not 100% accurate.

Following is taken from your portal @ https://blindmixer.com/fees

Since we are not collecting profit from these fees, our business model is based in locking in the bitcoin deposited in the system and not withdrawn for 12-24 months.

WTF does this mean?

You'll take my Bitcoin, if I don't touch it for a year?

More or less. Please see:

C. How do you make money?
Answer: We wipe the custodian every so often. This means that all the funds that are still present in the custodian at that moment in time, we claim for ourselves, and the signing keys will be regenerated. This has some significant advantages:
I. We can run our services at cost. II. We are disincentivized to exit-scam. III. Other users are disincentivized to exploit our software (and more likely to report it for a share of future profits), as there'll be less funds present than if we weren't to rollover given that over time there will be a set percentage of users who will forget about their wallet, not care, or are otherwise unable to access it.

In your mixing wallet, you can see exactly when the wipe is scheduled for your custodian (https://mixer.blindmixer.com/, once logged in head over to "FAQ"), and we also mention it above (see: Rollover Date)

You're right, though I think we can partly attribute it to people thinking of us being a "wallet" wallet, which is not really the case. Poor marketing from our side but it should become extremely clear that we're not at all a wallet in the traditional sense of the word, and more of an intermediary. say like a giftcard (provider). Those expire.. well sometimes at least  Undecided

Also it would become very attractive for us to exit-scam as it is just a given that there's funds that will be left by some % of users. Perhaps if we offer the community a share in this it might become more acceptable? (the rollover profits that is)

It's also great to have these kind of cut-off points so that when a breach happens, there's not years worth of deposits lost, but instead it is contained for some period. As once we're breached, an attacker could sign for any voucher, basically invalidating all outstanding ones.

We also have a small section on the site:
https://blindmixer.com/business-model/

Let me know what your thoughts are after reading this.

Alternatively say we would never exit-scam (obviously not our intention), would you rather pay a fixed fee of ~ 1% in return for a "promise" that we so long as bitcoin exists guarantee your funds?

That would also be misleading:
A. We cannot promise anything forever.
B. We cannot promise someone does not somehow exploit our software.
C. We cannot promise we do not get seized.

Now the latter two points we cannot promise in the current environment either, but they would be much more harmful if executed in a setting where we wouldn't wipe.

[LoyceV]

We also have a small section on the site:
https://blindmixer.com/business-model/

I like how you compare it to gift cards:

blindmixer works similar to a gift card provider. Instead of gift cards, blindmixer provides you with coins, which you can trade for bitcoin. However, instead of taking a fee when conversing, as most gift card providers do, blindmixer will once in a while reclaim all the "dead" gift cards (coins) which have yet to be used. This allows us to run all of our services at cost, which provides clients with the lowest possible fees. This is done by rolling over the custodian every so often.

But that's also the problem I have with it: Bitcoin isn't a gift card, private keys are forever!

Alternatively say we would never exit-scam (obviously not our intention), would you rather pay a fixed fee of ~ 1% in return for a "promise" that we so long as bitcoin exists guarantee your funds?

That would also be misleading:
A. We cannot promise anything forever.
B. We cannot promise someone does not somehow exploit our software.
C. We cannot promise we do not get seized.

I appreciate being open about this, I just don't think people will exchange their Bitcoin for a gift card. Maybe for small amounts if there's a useful application for it, just like I'm okay having small amounts of Lightning funds in a custodial wallet. But even though all the same limitations apply to for instance BlueWallet, they're not scheduling regular "exits" by taking all user funds.

[blindmixer]

But that's also the problem I have with it: Bitcoin isn't a gift card, private keys are forever!

I appreciate being open about this, I just don't think people will exchange their Bitcoin for a gift card. Maybe for small amounts if there's a useful application for it, just like I'm okay having small amounts of Lightning funds in a custodial wallet.

For a relatively long time? I'd agree with you. In those instances you should only leave small amounts to for example leverage our lightning capabilities to pay for every-day goods.

However the success of more traditional mixers has shown us that there is definitely a demand for mixing moderate to large amounts of funds by means of a custodial, centralized third-party (= traditional mixer). You can do exactly that by swapping back your "giftcards" (unblinded coins) shortly after receiving them, with the speed of a database query.

So really there would be little to no difference between us and any other custodial, centralized mixer. If you think about it this is also exactly what you are doing with more "traditional" mixers: you're swapping real** bitcoins for a promise of future** real bitcoins.

blindmixer is really no different just because we have packaged it in a more sophisticated way. you swap real bitcoins for giftcards (a promise to future real bitcoins), and you can immediately at will converse those back to real bitcoins.

Now the "useful applications" for doing such an operation are listed in the OP and follow from what traditional mixers offer but blindmixer also offers (and perhaps negates) some features such as:
A. being able to choose how to "swap out" these funds (lightning or a regular transaction)
B. Added proveable* privacy. The most prominent feature is that these giftcards are "blinded", and as such we don't know which "promise" belongs to you so to speak. * The degree in which this privacy is acquired is largely dependant on how you use us. This applies to both the on-chain vector and the custodian vector.

Let me also just repeat that the giftcard itself is signed by the custodian using the corresponding public key (depending on the magnitude). Now the giftcard or "coin" is nothing more than a public key and so you use the corresponding private key to prove ownership when conversing it back to real bitcoins, leaving little to no room for the custodian to scam you as an individual without it being proveable.


future* = no matter how short, can be five minutes or a day.
real* = bitcoins only you have the private key to.

[LoyceV]

Maybe for small amounts if there's a useful application for it, just like I'm okay having small amounts of Lightning funds in a custodial wallet.

For a relatively long time?

I've had funds in a custodial LN wallet for over 2 years. I actually lost a small amount due to an uninstalled wallet for which I can't find back the picture I took of the backup QR-code. This could be considered profit for the wallet, but they can never know if the user won't find back the backup years later.

So really there would be little to no difference between us and any other custodial, centralized mixer. If you think about it this is also exactly what you are doing with more "traditional" mixers: you're swapping real** bitcoins for a promise of future** real bitcoins.

But the "traditional" promise doesn't expire: you get your Bitcoins after a certain amount of time.

blindmixer is really no different just because we have packaged it in a more sophisticated way. you swap real bitcoins for giftcards (a promise to future real bitcoins), and you can immediately at will converse those back to real bitcoins.

Unless you forget about them for too long. How about an alternative: instead of expiring instantly at a certain moment, could you charge a daily fee for storing the value of the giftcard? If you charge for example 0.02% of the value per day, that amounts to 7% per year and in exchange giftcards never have to expire.

[blindmixer]

Hi everyone, a quick word from us:

Over the past couple of weeks we've seen that there are some users who swap some bitcoins in and immediately swap the same amount out again, which usually results in them getting their own inputs back as that is the most optimal solution our coin-selection can come up with.

Now we could and probably will disable our coin-selection from allowing the newest inputs to be used in a withdrawal at the cost of some efficiency, but here's what you can do yourself to increase your privacy:

We recommend that you either hook out partial amounts totalling your deposit, wait a bit for your funds to be used by other users, or for you to reverse swap your bitcoins out using a trustless third-party such as BOLTZ.exchange

The latest works as follows:
1. Deposit bitcoin normally using one of your deposit addresses.
2. Generate a swap from LN-BTC to BTC on BOLTZ.exchange

3. Pay the lightning invoice by pasting the invoice in the "Send" field.

You will immediately receive the BTC on the bitcoin address you gave them. This swap with boltz is completely trustless. Unfortunately boltz does charge a 0.5% fee.
This is really just a temporary solution until we get more users in which case this will gradually become less of a problem.

Unless you forget about them for too long. How about an alternative: instead of expiring instantly at a certain moment, could you charge a daily fee for storing the value of the giftcard? If you charge for example 0.02% of the value per day, that amounts to 7% per year and in exchange giftcards never have to expire.

We have more or less implemented this, however, due to the nature of the custodian it will be hard to make this backward compatible which is why we have decided that the wipe will continue as planned.

We (a very quick estimate) estimate that there currently is still between 0.002 - 0.01BTC deposited by users that has not been withdrawn yet, which is why it doesn't make much sense for us to code in some exceptions that will barely if ever be used.

After this wipe we will make use of our new system which gradually decreases the value of a coin as time goes by. We're currently thinking this to be roughly one percentage point every 4 weeks with a 4 week grace period, so you will always have at least 4 weeks to spend your coins without any additional fees.

Let us know if you have any questions about the nature of the new business model or if anything needs to be explained in further detail.


Expect some downtime (12-24h) after

Code:

2022-01-01T05:00:00.000Z

[dkbit98]

Generate a swap from LN-BTC to BTC on BOLTZ.exchange

Maximum amount that can be swapped on Boltz exchange is only 0.1 BTC and that is not nearly enough for most people.
I think that sideshift.a and fixedfloat.com offer larger amount for swapping but they are not trustless or noncustodial, but using any of this defeats the purpose of using mixer in the first place.

[blindmixer]

Both the testnet and mainnet are back online!

We've updated our business model and will no longer "wipe" the custodian.
Instead: every 4 weeks we will regenerate our signing keys. Coins which were acknowledged with keys from previous periods will have their value reduced by 1% with respect to their original value. To mitigate large differences between the time you have to spend your coins without any additional "decay" there will be a 4 week grace period before any decay is applied.

So you have until the end of current period + end of next period (at least 4, max 8 weeks) to spend your coins without any additional fees.

Let us know what you think!

Maximum amount that can be swapped on Boltz exchange is only 0.1 BTC and that is not nearly enough for most people.

You could always do multiple transfers.

I think that sideshift.a and fixedfloat.com offer larger amount for swapping but they are not trustless or noncustodial, but using any of this defeats the purpose of using mixer in the first place.

Not really though. If you use them through us it will generally speaking be very hard for them (boltz) to link your on-chain deposit that you have with us to the payment of the lightning invoice.

Sure, you could also just use your own lightning node and loop your own on-chain funds in to pay the invoice [1] but that is already far too technical for most users.

[1] Not knowledgeable on how private loop is, though I assume that at the very least the Loop server knows the destination of an off-chain transaction...

Also at that point you might as well just use loop as a "mixer" and discard boltz completely. Much cheaper. Though indeed, doing this with loop or any direct transfer with fixedfloat and boltz will only achieve unlinkability to an observer.

[blindmixer]

Hi everyone! We're looking for your feedback!

If you wish to review our service and let us know what we could improve on feel free to comment.


An update on this:

B. You speak of tor so much, yet blindmixer does not work in the tor browser?

We're not sure what changed but our wallet now works by default if you use the standard tor browser settings.

If you use the tor browser in combination with something like Tails (4.28) you still need to go to

Code:

about:config ->> dom.indexedDB.privateBrowsing.enabled

or manually open a "non-private" window, as that seems to be default behaviour. (browser.privatebrowsing.autostart)