Ultimate Bitcoin Privacy - Discussion

[Synchronice]

I'm here for any questions if something is unclear

I'll ask again: If you have access to the backup where the seeds of all signers are stored, finally total control comes down to you. Did I understand correctly? If I didn't, please enlighten me cause seems I didn't get it then.

Rather than asking a few questions about user privacy, I will ask another kind of question.

What preventative measures have you taken to protect yourself from arrest and federal government seizure of website assets (i.e: how do you plan to avoid Cipmixer's fate)?

That's kinda strange question, if he says that he does in order to save himself from the claws of government, would it make sense in terms of security?
By the way, another question that I have, is, why does someone want to create a mixer when this happened to chipmixer? Or why does any of them want to continue to operate? When you enter the ocean, you enter the food chain.

[1715511095]

1715511095

[JollyGood]

Considering the recent situation with Chipmixer, I think this is definitely a valid question.

Rather than asking a few questions about user privacy, I will ask another kind of question.

What preventative measures have you taken to protect yourself from arrest and federal government seizure of website assets (i.e: how do you plan to avoid Cipmixer's fate)?

[whirlwindmoney]

I remember reading that report thoroughly at the time it was shared. I agree that the structure that ChipMixer used, and the similar structure that Whirlwind is now using, meant that they can't be broken in the same way as traditional mixers exactly for the reasons whirlwindmoney has given above. By allowing users to deposit different amounts to different addresses at different times, to combine and split these amounts freely, to do so over any period of time desired, and then to withdraw any amount of coins from their vouchers/notes, it becomes impossible to track inputs and outputs in the same way this report does. Of course users can still make mistakes such as combining mixed and unmixed UTXOs, but the service itself is not at fault in such cases.

My feeling would be that the fast option would potentially be breakable in the same way that every other mixer is, but notes would not be breakable in the same way that ChipMixer wasn't.

And of course if things get as far as blinded certificates, then it becomes provably impossible to link deposits and withdrawals via blockchain analysis, since certificate issuing, trading, spending, and redeeming, all happens off chain and Whirlpool are blinded to the individual certificates.

If we didn't have the Notes then I agree, Fast mode would have the same disadvantages as any other mixer. But since outputs from Notes and Fast look exactly the same there is no way for any outside observer to know which mode you used. So Fast mode is as secure as the Notes from a privacy set standpoint. I would still recommend using Notes regardless because they offer the end-user full control over the process.

I'll ask again: If you have access to the backup where the seeds of all signers are stored, finally total control comes down to you. Did I understand correctly? If I didn't, please enlighten me cause seems I didn't get it then.

Yes you understood correctly, I have total control. I explained in previous messages that the multi-sig's purpose is to protect against external attackers, not against myself.

Considering the recent situation with Chipmixer, I think this is definitely a valid question.

Rather than asking a few questions about user privacy, I will ask another kind of question.

What preventative measures have you taken to protect yourself from arrest and federal government seizure of website assets (i.e: how do you plan to avoid Cipmixer's fate)?

It sure is a valid question and I understand the concern, I'll share my view on this issue. As I said since before I even launched the service, I am hoping for the best while preparing for the worst.

I could give more technical details about our security, but all I will say for now is that we took the most extreme security precautions possible. Our "hot wallet" is a 3/3 multi-sig with one of the signers being a physical server, so funds are safe. The infrastructure looks like a mini blockchain (with only 3 validators or signers which are all run by us for now), so even if the frontend or backend servers would get hacked, no funds could be stolen since faking guarantee letters using the backend server doesen't do anything as the signers would also have to verify. It's complicated, but like I said before if I'll find willing trusted members to run signers with us I am willing to do it.

Having said all of the above as far as I'm concerned I am not doing anything illegal. I don't encourage illegal activity and will never promote the service on the darknet or for any illegal purposes, I'm a simple provider of privacy services. There are no statistics regarding % of CEX funds coming from illicit sources so we can't compare to what we know about mixers, but my guess is that the number is very similar if not higher for centralized exchanges. There are bad actors in every industry, you can't just shut down all businesses of one type because of a few bad apples. If the service will start to get seriously abused by bad actors and big pressure will be put on us then I'd much rather shut down the service early and honorably than put users funds and privacy at risk, but for now I still believe there has to be a way to run everything legally. This is not because I don't believe Bitcoin is fungible or anything of this sort, but regardless if the service gets seized or sanctioned, the end result is the same as in it can't really be used anymore, so everyone loses. Having great security is a must, but relying on this by itself doesen't generate any value for the long term. I'd much rather try to find a way in which everyone is happy, or at the very least not too unhappy, while users enjoy full privacy. This is what they pay for and nothing less is acceptable

I also want to emphasize that I have not commited any crimes while creating Whirlwind, for example identity theft.

Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion

[T3PR00T]

Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion

The way you are trying to involve individuals from the community  and keep talking about community in the main operations with the multi signature addresses and things, I wonder what the three letter agency will feel about it when they will target your project. If you become bigger then today or tomorrow they will come after you and the people with you working in the managerial level holding the keys.

If they get the false sense of understanding that the mixer is running by bitcointalk community then immediately they will come after bitcointalk and destroy it.

[o_e_l_e_o]

If we didn't have the Notes then I agree, Fast mode would have the same disadvantages as any other mixer. But since outputs from Notes and Fast look exactly the same there is no way for any outside observer to know which mode you used. So Fast mode is as secure as the Notes from a privacy set standpoint. I would still recommend using Notes regardless because they offer the end-user full control over the process.

That's a good point, and one I did not consider. For an external observer using blockchain analysis, then a fast mix appears identical to someone using notes. They can see the deposit being made, but since they don't know if the user is using fast or notes, they are unable to reach any conclusions about the time frame of when the withdrawal will be made or how much will be withdrawn. Both fast and notes users benefit from being in the larger anonymity set provided by the other type of user, and having the different process help to obfuscate what is happening.

[BlackHatCoiner]

So, as far as I've understood (without giving much emphasis on the details), whirlwind is a mixer that knows the input, but doesn't know the output (i.e., I send 0.01 BTC, but they don't know which 0.01 BTC output I will spend). Is that correct?

I have some questions:

• First of all, what's your setup, as NotATether said? ChipMixer was proved to have poor setup, and even if your service isn't prone to failure due to centralization, your absence would lead to the corruption of the service (at least now that it's brand new).
• How do you plan to select anonymous trustworthy members?
• Who grants us that the authorities will not try to shut down the federation? AFAIK, from what I've read, the trustworthy members will only protect the users in case whirlwind is shutdown, and it protects their privacy using blinded certificates, but it doesn't grant that the service will continue being online after whirlwind (the user) disappears.

Very interesting implementation, I hope it goes well.

[Synchronice]

Having said all of the above as far as I'm concerned I am not doing anything illegal. I don't encourage illegal activity and will never promote the service on the darknet or for any illegal purposes, I'm a simple provider of privacy services. There are no statistics regarding % of CEX funds coming from illicit sources so we can't compare to what we know about mixers, but my guess is that the number is very similar if not higher for centralized exchanges. There are bad actors in every industry, you can't just shut down all businesses of one type because of a few bad apples. If the service will start to get seriously abused by bad actors and big pressure will be put on us then I'd much rather shut down the service early and honorably than put users funds and privacy at risk, but for now I still believe there has to be a way to run everything legally.

Thank you for your responses, hope you don't mind if I ask you some deep questions:
1. Do you do something or plan to do something to prevent abuse of your service? I mean to minimize it cause nothing is totally preventable. There are people who care about their privacy and there are people who want to do illegal things, do you have a plan to make your service unlikeable for the people who do illegal things? To get rid of them. Do you think are there any measurements that you can take while keep your service functional for people who care about their privacy?
I know this question can sound strange but it's still an interesting one. More likely I mean, you may be able to get list of addresses that are known to be found in illegal activities and you may include these addresses in your blacklist to not be able to use your service.

2. I think, you understand that doesn't matter how trusted someone is on this forum, there is a chance that any signer can actually be a spy. By the way, what do you think, what's the number of signers that can make you feel safe and get rid of cooperation to steal money? Definitely 3/3 or 7/7 won't work, you need something like 2/3 or 5/7 at least. I think this is a huge challenge.

[DooMAD]

Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion

The way you are trying to involve individuals from the community  and keep talking about community in the main operations with the multi signature addresses and things, I wonder what the three letter agency will feel about it when they will target your project. If you become bigger then today or tomorrow they will come after you and the people with you working in the managerial level holding the keys.

If they get the false sense of understanding that the mixer is running by bitcointalk community then immediately they will come after bitcointalk and destroy it.

I'd suggest when selecting trusted members of the community to act as additional signers, those members reside in regions that:

a) aren't openly hostile to Bitcoin,
b) aren't aligned with US/EU interests and
c) aren't all in the same place  

That alone will make it more resilient to takedown.  It's not just about trusting the individuals, it's about what their respective governments might do.

[whirlwindmoney]

Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion

The way you are trying to involve individuals from the community  and keep talking about community in the main operations with the multi signature addresses and things, I wonder what the three letter agency will feel about it when they will target your project. If you become bigger then today or tomorrow they will come after you and the people with you working in the managerial level holding the keys.

If they get the false sense of understanding that the mixer is running by bitcointalk community then immediately they will come after bitcointalk and destroy it.

The goal of this thread is to have a discussion regarding this issue. If at any point we come to the conclusion that it's riskier to run Whirlwind as a community project then I will simply continue to do it myself. I don't understand your point about Bitcointalk as a forum getting dragged into this since it has nothing to do with Whirlwind

If we didn't have the Notes then I agree, Fast mode would have the same disadvantages as any other mixer. But since outputs from Notes and Fast look exactly the same there is no way for any outside observer to know which mode you used. So Fast mode is as secure as the Notes from a privacy set standpoint. I would still recommend using Notes regardless because they offer the end-user full control over the process.

That's a good point, and one I did not consider. For an external observer using blockchain analysis, then a fast mix appears identical to someone using notes. They can see the deposit being made, but since they don't know if the user is using fast or notes, they are unable to reach any conclusions about the time frame of when the withdrawal will be made or how much will be withdrawn. Both fast and notes users benefit from being in the larger anonymity set provided by the other type of user, and having the different process help to obfuscate what is happening.

Correct

So, as far as I've understood (without giving much emphasis on the details), whirlwind is a mixer that knows the input, but doesn't know the output (i.e., I send 0.01 BTC, but they don't know which 0.01 BTC output I will spend). Is that correct?

I have some questions:

• First of all, what's your setup, as NotATether said? ChipMixer was proved to have poor setup, and even if your service isn't prone to failure due to centralization, your absence would lead to the corruption of the service (at least now that it's brand new).
• How do you plan to select anonymous trustworthy members?
• Who grants us that the authorities will not try to shut down the federation? AFAIK, from what I've read, the trustworthy members will only protect the users in case whirlwind is shutdown, and it protects their privacy using blinded certificates, but it doesn't grant that the service will continue being online after whirlwind (the user) disappears.

Very interesting implementation, I hope it goes well.

-Can you be more specific about this question? What do you mean by what's our setup
-No idea at the moment, we would all have to agree on a "procedure"
-If we manage to implement the multi-sig with multiple trusted members, then even if I go missing 1 hour after that it does not matter. The remaining members can run the service as if it never happened, so the service can continue with or without me

Having said all of the above as far as I'm concerned I am not doing anything illegal. I don't encourage illegal activity and will never promote the service on the darknet or for any illegal purposes, I'm a simple provider of privacy services. There are no statistics regarding % of CEX funds coming from illicit sources so we can't compare to what we know about mixers, but my guess is that the number is very similar if not higher for centralized exchanges. There are bad actors in every industry, you can't just shut down all businesses of one type because of a few bad apples. If the service will start to get seriously abused by bad actors and big pressure will be put on us then I'd much rather shut down the service early and honorably than put users funds and privacy at risk, but for now I still believe there has to be a way to run everything legally.

Thank you for your responses, hope you don't mind if I ask you some deep questions:
1. Do you do something or plan to do something to prevent abuse of your service? I mean to minimize it cause nothing is totally preventable. There are people who care about their privacy and there are people who want to do illegal things, do you have a plan to make your service unlikeable for the people who do illegal things? To get rid of them. Do you think are there any measurements that you can take while keep your service functional for people who care about their privacy?
I know this question can sound strange but it's still an interesting one. More likely I mean, you may be able to get list of addresses that are known to be found in illegal activities and you may include these addresses in your blacklist to not be able to use your service.

2. I think, you understand that doesn't matter how trusted someone is on this forum, there is a chance that any signer can actually be a spy. By the way, what do you think, what's the number of signers that can make you feel safe and get rid of cooperation to steal money? Definitely 3/3 or 7/7 won't work, you need something like 2/3 or 5/7 at least. I think this is a huge challenge.

1.I'm still trying to figure out if there is a way to do this, if I have any ideas I will write about them before I implement anything. Here is an idea I had, but we need the Blind Certificates in order for it to work. It would be possible to prove your funds are not coming from specific addresses without revealing which one your deposit actually is.

With the Blind Certificates I talked about in my previous posts it may be possible for users to prove their funds don't come from specific addresses linked to hacks/ransom/etc., so if that is possible then honest users have a way to prove they are not thieves while retaining privacy, and bad actors are isolated so sending the BTC to whirlwind is pretty much useless if they plan to use centralized services afterwards since they couldn't prove they are not one of the bad actors.

2.Your first point is my biggest concern and something for which I'm not convinced that a solution even exists. We will come to a conclusion together after more discussions, whatever that may be

[BlackHatCoiner]

-Can you be more specific about this question? What do you mean by what's our setup

Where do you run this? Your home, or you use some provider? How much access does the site provider have? What rights do they have? How much information do they have about you? Are you doing everything via anonymous networks?

-If we manage to implement the multi-sig with multiple trusted members, then even if I go missing 1 hour after that it does not matter. The remaining members can run the service as if it never happened, so the service can continue with or without me

Alright, so everyone can setup a front end (whose source code, as I've read, you'll publish at some point) and connect to some backend that is hosted by the trusted members?

[whirlwindmoney]

-Can you be more specific about this question? What do you mean by what's our setup

Where do you run this? Your home, or you use some provider? How much access does the site provider have? What rights do they have? How much information do they have about you? Are you doing everything via anonymous networks?

I am taking opsec very seriously so even though the answers to these questions might seem obvious to me I'll say it out loud for the record

1.Where do you run this? Your home, or you use some provider?
I can't disclose the exact setup that we're running but there are >5 servers, all but one are from different providers. The last one is one of the signers and it's a physical server in a secure location that we have visual access to 24/7, so it can't be tampered with.

2.How much access does the site provider have?
The other providers besides the one where we run the clearnet server (which is public) should not even be aware that we are using them. Regardless even if they knew there is nothing they can do since no single server holds all keys. So noone besides me has access to anything unless they break into all servers at once without me noticing, including the physical server. I will also change all servers and rotate providers once in a while just to be sure.

3.What rights do they have? How much information do they have about you?
They have 0 information about me, same as everyone else. Worst they could do is shut down a server, and that really doesen't do anything since we can replace it in 10 minutes and have everything up and running again like it never happened.

4.Are you doing everything via anonymous networks?
Yes

If as an operator you can't even protect yourself, then there is no way you can protect your users and this is what this service is all about. I'm also willing to put my money where my mouth is, so if anyone can manage to find the IP of any of the signers (no time limit and no requirement to hack it, only finding the IP is enough) I will offer a considerable bounty.

Alright, so everyone can setup a front end (whose source code, as I've read, you'll publish at some point) and connect to some backend that is hosted by the trusted members?

Correct

[LoyceV]

The last one is one of the signers and it's a physical server in a secure location that we have visual access to 24/7, so it can't be tampered with.

Did you mean physical access? Or does this mean there's a camera pointed at the server?

I will also change all servers and rotate providers once in a while just to be sure.

When you move a server to a different provider, do you also create a new multisig (so the privkey/seed from the retired server is no longer valid)?

[NotATether]

-If we manage to implement the multi-sig with multiple trusted members, then even if I go missing 1 hour after that it does not matter. The remaining members can run the service as if it never happened, so the service can continue with or without me

Alright, so everyone can setup a front end (whose source code, as I've read, you'll publish at some point) and connect to some backend that is hosted by the trusted members?

So since he said it's true, this means we can run this thing in the same fashion as a Tor exit node. Therefore, you should take exactly the same precautions as you would when you run a Tor exit node - use ISPs that are Tor-friendly, make sure you have lawyers and a good legal team, use hosting providers and datacenters that are OK with Tor traffic, and so on.

Just like how some countries try to charge Tor node operators with shady darknet actions that its users do, so these countries will try to charge those who host decentralized mixer frontends and backends, so everyone make sure you guys are not hosting them in countries hostile to mixers, such as the USA.


Buuuut....

I suggest not relying only on Bitcointalk community members. Try to involve the greater bitcoin community in this, for example, on reddit, twitter, and the various Bitcoin conventions. The last thing the forum administration wants is the resemblance that it's openly facilitating mixer activity.

[JollyGood]

After a quick navigation of the website anybody can see it is simple to use and the Fast or Notes options are extremely easy to select. It is a basic no-nonsense to the point website that is easy to navigate and that is a plus for end users and that should play a very important part as your business grows.

Having said that one of the fears people must have is about sending funds to mixers at the unfortunate time the mixer decides to exit scam (and to my knowledge it does happen from to time because people end up posting about getting scammed). Keeping that in mind this would be a very difficult question to answer but what can you say here and now to give confidence to forum members that a future exit scam is the furthest thing from your mind and what your very long term strategy is?

Correct

[BlackHatCoiner]

So since he said it's true, this means we can run this thing in the same fashion as a Tor exit node.

Or just as a hidden service.

[whirlwindmoney]

The last one is one of the signers and it's a physical server in a secure location that we have visual access to 24/7, so it can't be tampered with.

Did you mean physical access? Or does this mean there's a camera pointed at the server?

I will also change all servers and rotate providers once in a while just to be sure.

When you move a server to a different provider, do you also create a new multisig (so the privkey/seed from the retired server is no longer valid)?

Both, but at this point I'm only relying on the camera. If I observe anything out of the ordinary then I'll just get another server and set it up in the backup location, but I highly doubt it will come to this.

Yes, everything besides the frontend Tor link and the clearnet reverse proxy server will be changed. The frontend server will be changed too, we will only keep the current Tor link so it's less confusing for users.

I suggest not relying only on Bitcointalk community members. Try to involve the greater bitcoin community in this, for example, on reddit, twitter, and the various Bitcoin conventions. The last thing the forum administration wants is the resemblance that it's openly facilitating mixer activity.

I don't want to cause any issues for anyone, let alone hurt the whole forum so I'll stop discussing this here, the only reason I did in the first place was because I thought users would prefer this over having to trust me, but I'll run the service this way for a while and whenever I'll get the chance to make everything trustless I will. If anyone has any ideas in this direction you're welcome to DM or email me and I'll gladly discuss further.

After a quick navigation of the website anybody can see it is simple to use and the Fast or Notes options are extremely easy to select. It is a basic no-nonsense to the point website that is easy to navigate and that is a plus for end users and that should play a very important part as your business grows.

Having said that one of the fears people must have is about sending funds to mixers at the unfortunate time the mixer decides to exit scam (and to my knowledge it does happen from to time because people end up posting about getting scammed). Keeping that in mind this would be a very difficult question to answer but what can you say here and now to give confidence to forum members that a future exit scam is the furthest thing from your mind and what your very long term strategy is?

Correct

It's impossible to answer this question in a way that would have any sort of weight and I don't want to appear like I'm asking users to trust me just because I'm writing some messages here. My expertise/intentions will become clear from my actions as time goes on and that's the only way I can prove myself other than decentralizing the service.

I've been very transparent about every detail of Whirlwind, I've built everything from the ground up. I took the time to analyze every aspect of this business and I believe I came up with something unique in the Bitcoin space, something that our competitors don't even come close to from a technical standpoint.

It seems like a different mixer launches every day, but if you have a more in-depth look you will notice that each one of them has some major issues.
Use of [banned mixer] as their backend/very weak privacy set/ use of Cloudflare/ use of mixing codes which basically means keeping logs.

Even though I could have taken a lot of shortcuts in order to get the service out in 10x less time,  I chose to do everything the right way and made no compromises at all.

[Cenq]

Any known problems with the site? 300$ are stuck, it's been 1 hour since 2 confirmations and the site keeps saying "in 0 hours". The input address forwared the coins already to another address so...

edit: Wrong thread I appologize, but I guess you'll see my message anyway.

[whirlwindmoney]

Any known problems with the site? 300$ are stuck, it's been 1 hour since 2 confirmations and the site keeps saying "in 0 hours". The input address forwared the coins already to another address so...

edit: Wrong thread I appologize, but I guess you'll see my message anyway.

Apologies for the delay, as I said in the ANN thread I'm currently working on some features so that's why withdrawals may be a bit delayed. You have nothing to worry about, all withdrawals will be processed as soon as the upgrade is done in the next hours.

Deposits are unaffected, you can still use the service. Thanks for understanding

[Cenq]

Any known problems with the site? 300$ are stuck, it's been 1 hour since 2 confirmations and the site keeps saying "in 0 hours". The input address forwared the coins already to another address so...

edit: Wrong thread I appologize, but I guess you'll see my message anyway.

Apologies for the delay, as I said in the ANN thread I'm currently working on some features so that's why withdrawals may be a bit delayed. You have nothing to worry about, all withdrawals will be processed as soon as the upgrade is done in the next hours.

Deposits are unaffected, you can still use the service. Thanks for understanding

Can confirm I've received the funds about 1 hour ago.
Thank you for the quick reply. Will use your service again for sure. 

[whirlwindmoney]

Can confirm I've received the funds about 1 hour ago.
Thank you for the quick reply. Will use your service again for sure. 

Thank you for the feedback! Everything is working as usual now.

Update
-Clearnet is back online with improved DDoS protection and stability
-Added "You can withdraw as many times as you want from a single Note." on the Withdraw Note page
-Added "All deposits made within 24 hours will be considered valid, regardless if they are still pending or confirmed." on the Deposit page