For anyone out of the loop, a quick introduction. On the 13th of March, 2022, the CoinJoin-enabled Bitcoin wallet WasabiWallet.io announced they will start blacklisting certain UTXOs.
More on this here.
The tweet:
https://twitter.com/wasabiwallet/status/1503091503207432193Essentially, they will start refusing UTXOs associated with illegal activities, preventing them from participating in CoinJoin transactions. The list of what they are considering illegal can be found here:
https://twitter.com/ODELL/status/1503141547071754242It is not clear how they will determine if certain UTXOs are illegal or not, but it all definitely can be called an attack on fungibility and privacy. If this news is true, the default coordinator run by zkSNACKs company is no longer a reliable solution to coinjoin your transactions.
Since icopress was speaking to them regarding a signature campaign for multiple months prior to that, and it went live recently, he had a good contact at Wasabi and offered to send a list of questions directly to Wasabi's CEO.
For full transparency: icopress contacted me and he kindly offered me to send him a concise list of questions which he'd directly forward to the Wasabi CEO.
I'm partly speculating myself in this thread, but also gave Wasabi the benefit of the doubt in some cases and generally try to be as objective as I can. Therefore I thoroughly read everything you guys are writing and will summarize a list with the 'top questions'..
We now got our answers, so I created this thread to talk about them, as not to clutter the
main WasabiWallet.io thread.
I posted my questions just when I sent them to icopress, here:
[...]
The answers are below. I'm not really satisfied with them, since they don't really explain the discrepancy between privacy and surveillance, between fungibility; supposedly allowing everyone to use the service, but employing a blacklist, and don't explain the reason behind the switch either. What do you guys think?
- Guys, below are the answers to 24 questions that n0nce formulated on behalf of the public.
These answers are 100% coming from the decision maker (I was asked who should answer the questions, I said I expect a response directly from the CEO). I also hope that these answers can shed some light on some of the nuances, and cool the discussion (or make it even hotter).
1. Who is your target audience / target user demographic? Due to the recent changes, we must assume it's people who are interested in mixing coins, while at the same time not having a problem with the mixer discriminating between UTXOs. Mixing with a blacklist seems like an oxymoron to us and we struggle to see the use case.
Answer: Our target audience is Bitcoiners.
Many people seem to struggle understanding what zkSNACKs blacklisting really means and why we are doing it, so let’s start from the basics. ZkSNACKs is a company that sponsors the development of an open-source project called Wasabi Wallet. This company also runs the default coordinator that is needed to create coinjoin transactions in Wasabi. This coordinator service can be run by other entities too, as everything is open and available. Users are able to choose which coordinator they want to communicate with but unfortunately there are not many options, as running one has its risks and not many people are willing to do it.
The zkSNACKs coordinator is clearly the largest and has substantially more liquidity than others; hence, this is why most people use it. Wasabi Wallet was built in a way that the developers and zkSNACKs don't collect any data about their users. We do not care who you are and what you do with your bitcoins! We don't want to know. Unfortunately, some people do collect data, attach it to bitcoin addresses and make decisions based on that information. The company is getting in trouble and harassed because apparently some of the users of our coordinator are so-called “criminals”, according to the people keeping up these databases.
We are not saying that the database is correct, as we do not agree with most of the classifications but we want to be able to see the same information that apparently others already have. We don’t want to do any chain surveillance ourselves, so we would rather just buy that information from others. We are not interested in applying sanctions or other immoral crap. We are exercising our right as a company to choose not to serve those people who could get us in trouble and the ones whom we wouldn’t want to support for ethical reasons. This includes known thieves like politicians.
Ostracization is, in our opinion, a libertarian way to react to the problems that have occured because of these high profile users. We are still not collecting data about our users nor are we revealing anything new to chain analysis companies. The blacklisting has no effect on users' privacy. If you knew a pedophile/murderer was eating at your restaurant, would you serve him? Especially if serving him gets you in trouble? Basically, are you willing to sacrifice yourself and your restaurant for him?
2. Related to point 1, we found comments on your own Twitter profile from presumably former Wasabi users, like:
What's the point of a washing machine that only washes clean laundry?
- do you have a response for that?
Answer: It’s the same as having a washing machine that by default collects xpubs. Privacy. All implementations have tradeoffs, pick your poison.
3. Is it correct that you now officially focus on institutional investors and chose to implement a blacklist for this reason? Your blog post and other statements make it seem like this is the case. For example in this interview:
https://stephanlivera.com/episode/364/, Max Hillebrand said: 'if you, as a CoinJoin coordinator, if you want to work with institutional clients, hedge funds, insurance funds, Michael Saylor, and all these people, well, even if ZKSnacks were not to be regulated, those customers might very well be, maybe because they're custodians of other people's money or whatnot. And then these regulated entities can only become users of a coordinator—arguably, I'm not sure—if such a blacklisting is involved.'
Answer: No, we’re certainly not exclusively focusing on institutional investors and this has nothing to do with why we are implementing a blacklist. Just like Bitcoin adoption, there are different levels of users and we feel like Wasabi Wallet is the best way to improve privacy within Bitcoin. Therefore, we would like our wallet to be used by any user: institutional or recreational.
4. If institutional investors are now your target audience, why didn't you communicate this openly and transparently - maybe even continued running Wasabi 1.0 for the vast majority of users, without all this tainting and blacklisting and explicitly stated that this 'Wasabi with blacklisting' is dedicated to such investors that are regulated and thus aren't allowed to use a mixer that has no blacklist?
Answer: Lots of loaded assumptions again in this question. Institutional investors are not our main target audience, bitcoin users in general are. Institutional investors are of course part of that group. We are extremely transparent and that’s the problem. We inform our users about blacklisting as soon as we know we are going to implement it, without actually knowing how or when. Some might say we should have informed users about it only when it's implemented but we didn't feel comfortable keeping it a secret.
5. We believe:
If Wasabi were actually being targeted by laws and regulations, then the correct course of action is to let all their users know about it, inform all their users how to mitigate it, explain to their users how to swap to a decentralized coordinator, create easy tutorials for people to set up and run their own coordinators, and shut down their centralized coordinator long before they are forced to start cooperating with blockchain analysis.
Did you consider taking such a course of action instead of the pretty low-key Twitter announcement that got very little visibility and no changes to the website (front and docs page)?
Answer: Regarding the company’s regulatory situation, more info will be shared when possible. We’re always happy to share information about how to change coordinators when someone asks about it but there is no decentralized one. Here’s a link for instructions on
How to Connect to Chaincase Coordinator from Wasabi? · Discussion #119. More info about the blacklisting will also be provided once it’s closer to being implemented.
6.
Why do the institutions of all people need to use CoinJoin on their assets in the first place? Do they have something to hide too?
It seems odd that institutional investors want to use a mixing service; since they usually rather prefer to keep their Bitcoin investments in the hands of a broker / exchange or hold Bitcoin ETFs. Or are the 'institutional clients, hedge funds, insurance funds' trying to hide something from their customers?
Answer: Privacy is not about secrecy. It’s an ability for you to choose what information you share with others. Institutional adoption for our wallet is more than just investors. It’s also the several exchanges conducting thousands of transactions daily. It’s the banks who are wanting to offer their customers the privacy that was commonplace in the banking industry for hundreds of years. It also includes all the companies who are paying their employees in Bitcoin and are obligated to conceal each employee’s compensation.
7. Your website still says:
The aim of bitcoin is to be a decentralized digital currency, but if all users are eventually required to consult centralized blacklists before accepting bitcoin, then its decentralization will be destroyed.
This stands in direct contrast to your blacklisting update. Has your opinion on blacklists changed or how is this view compatible with providing a Bitcoin anonymity service that only allows certain UTXOs to use it?
Answer: Hopefully all users, wallets and services won't have to “consult a centralized blacklist before accepting bitcoin”. But it’s their choice if they want to discriminate against a certain coin, user or service. That’s part of the freedom of association if it's their decision. If this would be mandated by authority, it would be bad. But that’s not the case in our blacklisting, like I explained in the first answer.
We are implementing our own blacklist, as we dont care to become martyrs by serving thieves. We want to keep building the best privacy tools for bitcoiners to take advantage of. Instead of social justice warrioring on behalf of politicians, shitcoiners and other thieves, people should be grateful for the tools that zkSNACKs has built and take advantage of the situation by capturing the market. Instead of all the whining we’re hearing.
8. WasabiWallet also states this; which we all agree with.
If Bitcoin fungibility is too weak in practice, then it cannot be decentralized: if someone important announces a list of stolen coins they won't accept coins derived from, you must carefully check coins you receive against that list and return the ones that fail. Everyone gets stuck checking blacklists issued by various authorities because in that world we'd all not like to get stuck with bad coins. This adds friction and transactional costs and makes Bitcoin less valuable as money.
- Now Chainalysis is the one providing such a list and you're asking them which UTXOs are on the list and which are acceptable. Don't you think you're helping set a precedent which may lead exactly to the scenario described, where everyone will be stuck checking blacklists upon blacklists, published by tons of different authorities, which will make Bitcoin less valuable as money? Are you now making Bitcoin less valuable as money?
Answer: Even though we have the saying “Don’t trust, verify” embedded in the bitcoin culture, very few seem to be actually doing that. We have not said that we would be buying services from the Chainalysis company. This is, again, projecting/assuming. We are going to buy info from a chain analysis company, but not from Chainalysis. We are not asking them which inputs we can include in a coinjoin, but what they know about these inputs.
We decide who we serve. It’s absurd for people to even think that bitcoin would already be fungible when it’s so easy to gather and attach data to the event in the chain. Without privacy, there’s no fungibility. Only after we fix the first one, can we dream of the latter.
9. This statement on your website also strongly implies you are not censoring users, which you now clearly are doing.
The only known possible 'malicious' actions that the server could perform are two sides of the same coin; Blacklisted UTXO's: Though this would not affect the users who are able to successfully mix with other 'honest/real' peers.
In general, it seems like you intentionally never changed the website until the latest redesign (which didn't affect the docs page quoted here, though). Why was there so little communication around this huge update and everything kept so 'on the low'? (big credit to o_e_l_e_o for
digging these out)
Answer: What you are looking at is 1.0 documentation. 2.0 docs are still under construction. Blacklisting is still not implemented.
10. Many users were puzzled about
your very minimalistic Twitter announcement; and what the image is trying to convey isn't clear either. Was this intentional? Some of us speculate that you believe WasabiWallet to be something like a 'last glimmer of hope' for Bitcoin privacy or something like that, since it sounds like that in various interviews and Twitter voice calls, too. Or are you aware that other, even better solutions exist, especially for the people who need privacy the most?
The alternative, discontinuing zkSNACKs would have set back Bitcoin privacy for decades. Blacklisting by the default coordinator, while undesirable, is a small price to pay for the future of Bitcoin's privacy.
That's exactly why we introduced blacklisting: so we can continue to operate and users can still have privacy using Bitcoin.
Wasabi Wallet 2.0 is decades ahead of other privacy solutions in Bitcoin.
Such statements make it appear like you believe yours is the only privacy solution and that there is no privacy in Bitcoin without Wasabi. Would you confirm this? Actually, later you admit that LN has better privacy, so this already seems like a contradiction.
Answer: We sincerely see WabiSabi as the best on-chain privacy technology in bitcoin today. We are aware of various other projects but in all honesty, they are shooting very low. Once you understand WabiSabi, you’ll see why we think it’s on a completely different level. Lightning is nice but not for on-chain privacy.
11. We're talking about political refugees, government critics and investigative journalists for example; these are amongst the ones needing privacy the most (and therefore switching to Bitcoin in the first place). But in
https://twitter.com/HillebrandMax/status/1537503087987937283, at 1:32:10, Aviv Milner says that 'the average person who's using the product especially if you're not in a situation where you're your life depends on it and there's a large government organization that's well funded that's looking to to find you and hunt you down if you're not in that extreme situation then wasabi provides an incredible amount of privacy'. So it means WasabiWallet is not the 'ultimate privacy solution' for Bitcoin after all; just maybe for 'getting a little privacy' or how should we call that? Someone who really, really needs actual privacy cannot rely on Wasabi then? What should they use in your opinion? On one hand, you say Wasabi is the only / best option for privacy, but then admit it doesn't provide enough privacy if someone's life depends on it; so what's the point of it all then? We don't believe privacy is something quantifiable; it's more a yes-or-no kind of deal. Either your UTXOs and transactions are private or they're not.
Answer: Privacy is not black and white. Name a service that promises you 100% guaranteed privacy? Thought so too, there is none or they are lying. Privacy is not a simple matter. There are always risks and tradeoffs. Everyone is just trying their best. Wasabi is far from perfect but it’s one of the only options and compared to other wallets, it’s privacy is very, very good.
Answer: Not sure what you mean, we’ve been working on 2.0 for a long time and havent been working on 1.0, hence no feature updates.
We launched 2.0 on the 15th of June during Tor DDoS attack and it took a few days to get coinjoins running but we already have a lot more than 5k downloads at this point, which is very nice. The amount of users using 1.0 is expected to drop as people move to 2.0. The biggest coinjoin we’ve conducted now has 250 inputs and a bit less than 300 outputs, so from an ambiguity perspective, coinjoins look better than ever.
13. Are there any insights on how you blacklist? Do you rely solely on the data from Chainalysis or do you pre- and / or post-process the data? Since we assume blacklists are used to block coins from illegal origins; which laws or rules are used to determine if an origin or past activity is legal or not? Since Bitcoin is a global currency tied to no nation in particular, it appears impossible to declare 'legality' in this context. For example, copyright laws differ widely across the world; or when it comes to anything sexual, some stuff is illegal in certain countries, but totally legal in others. How can a legal ground be found to determine which UTXOs are 'good' and which are prohibited?
Answer: Chainalysis! = chain analysis. Let’s say we have 200 inputs wanting to register for a coinjoin. We take those and 200 other random bech32 UTXO’s that we send to their API. We get back a response where they let us know if any of these UTXOs match any of the categories and criterias zkSNACKs has set. Those addresses that we accept will proceed to the input registration, those that are blacklisted will get a notification that this UTXO is blacklisted. As a reminder, Wasabi coinjoin is built in a way that the user never loses control of their coins. The coordinator is never custodying users’ money, therefore it can not seize them etc. The querying process doesn’t affect users' privacy.
14. Are all UTXOs sent to Chainalysis for inspection, whenever someone wants to do a CoinJoin or only if after some pre-filtering you have some suspicion?
Answer: Chainalysis != chain analysis. Fresh bitcoins are queried only for coinjoin.
15. Let's take an example: An investigative journalist uncovered a government or other wealthy entity's dirty secrets and now they're after them. People want to donate to the whistleblower or they want to spend their donations through WasabiWallet. However you get a notice to block those UTXOs, so you do exactly that; isn't this exactly the target audience? Isn't this exactly the person who needs a Bitcoin privacy solution? (This refers back to point 1). Don't you also go straight against Bitcoin's original goal of pseudonymous, fungible currency that can be received from and sent to anyone, anywhere, anytime? What's the use of a privacy solution if the ones needing privacy are not allowed to use it? (this refers back to point 2)
Answer: Nothing prevents users from using the open-source wallet to receive and send payments however they want. ZkSNACKs coordinator implementing blacklist does not affect any other wallet features than coinjoin. The company is not implementing a government sanctions list or blocking users like the Canadian truckers.
16. We believe that starting censoring some users opens the door to censoring anybody and everybody. Would you agree with this?
Again: Bitcoin is either censorship resistant, or it isn't. You cannot pick and choose who it is censorship resistant for. If you, like Wasabi, start censoring some users, then you open the door to censoring anybody and everybody
Answer: Luckily we are not making changes to Bitcoin protocol but to our very own server. Every Bitcoin node has the right to choose which transactions it includes in its mempool or relays. Every node has blacklists for nodes that behave badly for one reason or another. ZkSNACKs coordinator has always banned the coins of misbehaving users, as that’s part of the DoS protection. None of these are censorship, as only a government can do such a thing. Everything else is personal preference under the freedom of association.
17. Let's take a step back to the beginnings. Did you consider building something decentralized instead of the current coordinator model? As we can see now, it created a central point of failure.
Answer: Nopara73 actually got into an argument with Scamourai originally because he wanted to explore the possibility of creating decentralized coinjoins without any coordination fee. Scamourai didn’t like that so as usual, they started attacking him. Eventually Nopara73 gave up on that idea and decided to use a centralized but trustless server. To this day, there’s no decentralized version, other than in people’s dreams.
18. You already said this isn't the case; so you don't have to confirm or deny if this happened; but if we're being skeptic, we have to consider the idea that you were pressured by authorities after all, with an extra clause that you're not allowed to say anything about it. Did you ever consider that a privacy-enhancing service would sooner or later be targeted and pressured by authorities? Other similar services explicitly made sure from the beginning that the creators and developers are anonymous, pseudonymous or generally unknown, to make sure such pressure can't be exterted on the project. Actually, satoshi himself may have left Bitcoin to remove such a central point of failure (through pressure on the creator).
Answer: Information about pressures will be posted later. Satoshi is one of the few people who have actually stayed anonymous and left the project. Otherwise, I’m not sure who you mean. Working on a privacy project in today's day and age is very risky. If the project succeeds and grows, it’s only a matter of time before the people involved get harassed. This is expected and that’s why it’s important that we build as much as we can before the worst comes. Even though there’s not necessarily a law forbidding a privacy focused business, it’s only a matter of time before regulators find a way to try to shut the project down. We want to try to distance ourselves from these problems as much as possible, by avoiding unnecessary negative attention.
Answer: No. But as the announcement has nothing to do with blacklisting, it’s no wonder why the blacklisting topic was ignored.
20. Another question quoted directly from the community:
I'm also interested in the scenario (which will definitely happen sooner or later) where someone is allowed to mix their coins and then afterwards Wasabi decide that their inputs were tainted and they shouldn't have been allowed to mix them at all, since the document linked to above also invites you to inform them of any illegal transactions and states that they will fully cooperate with any investigations. Why would reporting an illegal transaction to Wasabi achieve anything at all, unless they have the ability to track those coins and are going to share that information with law enforcement?
Answer: We will share everything we can, which is nothing. That’s the point of zero-knowledge software. Legal papers have all kinds of formalities. False positives and false negatives on blacklisting is unfortunate, but we will try to minimize those as best we can, of course.
21. Automatic CoinJoin and the removal of manual UTXO selection altogether is a deal-breaker for some users (especially in the context of the whole update). We believe it's unexpected behaviour of a wallet to automatically (without user opt-in) send all of a user's UTXOs to a blockchain analysis company for vetting (whether blacklisted or not) and afterwards be mixed. Some users are worried that the very act of mixing makes the UTXO 'tainted' in the eyes of the exchange and that it will freeze those funds. By the way: this is exactly what you predicted in your old docs pages; if everyone starts coming up with 'taint definitions' and blacklists, using (moving) Bitcoin will become infeasibly cumbersome.
Answer: Automatic coin selection and auto coinjoin are a good option for newbies who have no idea what they are doing but we totally understand that advanced users would like to have more insights and control. Features that enable these will very likely be added in the future in one way or another. Before users even open the wallet, they see our terms and conditions, which they have to accept in order to use the software. Coinjoins are considered inherently high risk by many chain analysis services and they are advocating their clients to block them all. Let’s see if a “blacklisted coinjoin” can get a lower score and we can remove the stigma from coinjoins.
22. Another quote from the same recent Twitter group chat:
https://twitter.com/HillebrandMax/status/1537503087987937283 (at 1:32:40) - Aviv Milner says that 'Maybe there is a little more privacy in Lightning'; and elaborates that LN is tricky to use though, so he implies that Wasabi is actually less anonymous / less private than Lightning, but just easier to use? Would you confirm that, that Wasabi CoinJoin privacy is lower than Lightning privacy? So if I need the absolute most privacy, you would recommend to create a Lightning channel and / or doing a submarine swap instead of doing a WasabiWallet CoinJoin? This is practical, important information for a lot of users who need as strong privacy guarantees as possible.
Answer: For strong onchain privacy I don’t know anything better than coinjoin. You never know who’s coin you end up with in a swap. You should also open all your Lightning channels with coinjoined coins. Everything is shit, but this is the best we got. Better get to work if we want something more.
23. Right before, he also says that it's much more private than the vast majority of alternatives; what are those alternative privacy solutions that are much worse than WasabiWallet? Or did he talk about the 'alternatives' as non-privacy-promising, plain and normal non-custodial wallets, with no CoinJoin implementation in them; that these are less private?
Answer: See above.
24. For the last point, we have an important observation:
Wasabi Wallet doesn't utilize any post-mix spending tools, and if part of the users practices bad spending behavior (like spending directly to a centralized exchange), then the other part of the users (more advanced) can potentially be deanonymized in a process of elimination.
If I recall correctly, this is also a potential issue / attack on other such mixing technologies; where bad behaviour (unintentional or even intentional) can put the privacy of other users at risk. This sounds like a loophole / security issue just looking to be exploited. Would you confirm this issues and if yes, are there any plans yet to improve this?
Answer: Regarding the linked, no wallet can prevent users from consolidating coins if they want to. In Wasabi Wallet 1.0 users see a big warning when they try to spend private and non-private coins together. If they want to do it anyway, we should allow it. In 2.0 they see who knows about the transaction they are making but we should add more warnings. Creating a separate wallet for private coins doesn’t help as the user can still consolidate outside the wallet and it’s a very bad UX if sending all coins is urgent. Wasabi Wallet coinjoins are designed to be very large to make sure that even if many users consolidate, you’ll still have plenty of ambiguity from non-consolidated outputs. Deanonymization is a problem in smaller coinjoins with very few participants and low remix rate. Especially if users by default send the server their xpubs, like in Samourai Wallet.
What are these post-mixing tools exactly? Ricochet is very expensive and doesn’t provide you any privacy. 6 hops between cj and exchange is something you can do manually with 10x lower price if you think that helps. Or do you mean small coinjoins after the main coinjoin that is supposed to make sure even the people who leak xpubs can get a little bit privacy from the service provider? Otherwise it’s just a crappy coinjoin.