Bitcoin Forum
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: [ANN] Whirlwind.money | ⚡No Fee⚡ | Ultimate Privacy | Anonymity Mining 12% APR🔥  (Read 12443 times)
zartafuydo
Newbie
*
Offline Offline

Activity: 9
Merit: 14


View Profile
May 05, 2023, 04:13:50 PM
Merited by dkbit98 (1)
 #141

You start the message with 0 doubts saying "No"
Of course. To check that Cloudflare sends your website the same way to various IP addresses, you (or someone who you trust) need to have either physical access to that requesting IP address, or a remote one. This is not my assumption, misunderstanding, or misinterpretation, this is just how the internet works. Speaking of particular ways of checking remote access, the three I mentioned were the most obvious examples (and they often can be checked even without being Cloudflare and without controlling the outgoing traffic from your various IP addresses), but Cloudflare definitely had more time to think about this detection as well as much more data to analyze, including the outgoing traffic. This way they can check the computer knowledge level of the users at that IP as well.

An 'estimate' is still not enough. They need to be right in 100% of cases to perform a large scale attack
Again, this is wrong. The price of a "false negative" result of a check by Cloudflare (they think you are checking them for spoofing, while this was a third-party user trying to mix his or her bitcoins) is just that they miss the tracking of this particular user and will not be able to report him or her to the authorities in the future. This will not prevent Cloudflare from tracing and reporting other users.

And the price of "false positive" (you are checking, but Cloudflare doesn't recognize you) is not too bad for Cloudflare either. At worst, they will lose your website if you decide not to use their "ddos-protection" ever again (and even this you don't say, you just say "automatically shut down the clearnet version", but you don't say how long you are going to keep it down). As for the other websites they MITM/"ddos-protect", your observation of spoofing will not really have much effect with Cloudflare's already-terrible reputation. And for your users who already mixed their bitcoins, it will already be too late.

So, 100% accuracy is not necessary for Cloudflare. Even 30% false negative with 0% false positive does not contradict the observations you say here, in this thread.

We already said Cloudflare is a temporary solution implemented for a very short period of time until we gain more popularity, 'an eternal battle' doesn't seem accurately worded
Where did you say it's temporary? If it's temporary, then: as long as you collaborate with Cloudflare, this continues to be a battle of shield and spear at best, for all of the period you use Cloudflare.

so really there is no way to be 100% sure that a clearnet website is secure
I agree with this. But I don't think it's a good reason to introduce one more attack vector. You could disable https altogether with the same reasoning.

If you host the server somewhere then it could be wiretapped/spied on by the provider etc
If your server is not on-premises, this is one more attack vector, yes.

There is only one problem with this approach, Clearnet is mostly used by people who don't download Tor browser, so they probably won't download our app or use the CLI either.
A side-remark is that if there is no tampering with distribution of the tor address of your server, and there is no tampering with distribution of tor browser itself, then this is as secure as your own open-source app.

TLDR: A large scale attack is not possible in the way you described.
It is possible to organize an attack that will allow Cloudflare to know the connection between a certain percentage of incoming and outgoing mixing transactions, even if not all of them.
whirlwindmoney (OP)
Copper Member
Member
**
Offline Offline

Activity: 112
Merit: 338


View Profile
May 05, 2023, 08:16:15 PM
 #142

As I said last time we can agree to disagree, but it's obvious that either you don't understand how our system works, or you have other reasons for continuing this discussion and trying to spin the argument your way. No matter which one it is, you debunked your statements yourself so my 'job' is done and I won't reply to any further messages from you unless they contain suggestions or any sort of valid criticism.

Of course. To check that Cloudflare sends your website the same way to various IP addresses, you (or someone who you trust) need to have either physical access to that requesting IP address, or a remote one. This is not my assumption, misunderstanding, or misinterpretation, this is just how the internet works. Speaking of particular ways of checking remote access, the three I mentioned were the most obvious examples (and they often can be checked even without being Cloudflare and without controlling the outgoing traffic from your various IP addresses), but Cloudflare definitely had more time to think about this detection as well as much more data to analyze, including the outgoing traffic. This way they can check the computer knowledge level of the users at that IP as well.
They can check whatever they want, it's not enough. Also as I said before remote access is irrelevant to the discussion so there is no reason to bring it up. The only scenario in which you were right and we were wrong is if Cloudflare managed to discover a magical 100% accuracy prediction model, and I think anyone with a bit of common sense would agree that this is impossible.

Again, this is wrong. The price of a "false negative" result of a check by Cloudflare (they think you are checking them for spoofing, while this was a third-party user trying to mix his or her bitcoins) is just that they miss the tracking of this particular user and will not be able to report him or her to the authorities in the future. This will not prevent Cloudflare from tracing and reporting other users.

And the price of "false positive" (you are checking, but Cloudflare doesn't recognize you) is not too bad for Cloudflare either. At worst, they will lose your website if you decide not to use their "ddos-protection" ever again (and even this you don't say, you just say "automatically shut down the clearnet version", but you don't say how long you are going to keep it down). As for the other websites they MITM/"ddos-protect", your observation of spoofing will not really have much effect with Cloudflare's already-terrible reputation. And for your users who already mixed their bitcoins, it will already be too late.
'false negative' percentage is irrelevant in this discussion, there is no reason to mention it

'false positive' is what matters and the scope of this discussion, since that's what we are checking. While Cloudflare may have a terrible reputation already, I have not heard of any proven cases where they spoofed a website, and I seriously doubt they'd risk this being the first time it happens while we are such a small platform, not to mention we would have undeniable proof of it all. This paired with the fact that if it happens once we would quit using Cloudflare immediately makes the 'price of a false positive' the complete opposite of 'not too bad' for Cloudflare. You are free to think otherwise of course.

So, 100% accuracy is not necessary for Cloudflare. Even 30% false negative with 0% false positive does not contradict the observations you say here, in this thread.
So you say they don't need 100% accuracy, but then proceed to give the only example where an attack would be possible while completely ignoring the fact that even in this case they would still need 100% accuracy Huh.

Thank you for confirming our theory is right nonetheless, even though it certainly wasn't your intention. Just to be clear for everyone: 0% false positive means 100% accuracy needed from Cloudflare. Even 1 false positive means over 0% false positive or under 100% accuracy, however you want to count it. Once is all we need to have undeniable proof of it all and at that point we obviously would never use Cloudflare or any other 'DDoS protection' ever again. Simple as that

Also don't forget about this:
4. There are multiples of times more requests made by us than from real users so statistically speaking their chance to be successful for even a day is incredibly small, let alone for a long period of time.

Where did you say it's temporary? If it's temporary, then: as long as you collaborate with Cloudflare, this continues to be a battle of shield and spear at best, for all of the period you use Cloudflare.
Correct, and considering that as soon as Whirlwind gains more popularity and we confirm that it's a viable business model we will switch back to our own proprietary solution we do not consider this to be an issue.

TLDR: A large scale attack is not possible in the way you described.
It is possible to organize an attack that will allow Cloudflare to know the connection between a certain percentage of incoming and outgoing mixing transactions, even if not all of them.
Again, a large scale attack is not possible in the way you described, our previous response was entirely accurate as long as Cloudflare didn't discover the only 100% accuracy prediction model that ever existed which IMO is safe to assume didn't happen.
John Abraham
Hero Member
*****
Offline Offline

Activity: 518
Merit: 547


View Profile
May 06, 2023, 05:48:24 AM
Merited by whirlwindmoney (1)
 #143

I am moving the discussion from the Signature Campaign thread to this thread since it's more relevant here. Responding to your previous post here.

The Note Public Address is in fact the Legacy Bitcoin address corresponding to the private key you saved, the only difference is that every '1' is changed to 'ww' so again, you can easily distinguish a Whirlwind Note from a Bitcoin address.

Example:
ww-L4xK361wZYYxJg7vSwXgDTVBVXY4JfgYrUU5QZic2nNB9PUbMzbt - Note Private Key
ww8Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh - Note Public Address

L4xK361wZYYxJg7vSwXgDTVBVXY4JfgYrUU5QZic2nNB9PUbMzbt - Bitcoin Private Key
18Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh - Legacy Bitcoin address

Okay. This increased my confusion further. Let's say I am not a Bitcointalk user, and I am not a signature participant too. I am an average Joe from a Google search and want to mix my Bitcoin. How am I supposed to know that I have to replace that ww with 1? I mean, I did not find any explanation or any instruction regarding the address. I never saw a Bitcoin address start with ww, so I asked in the signature campaign thread.

ww2xmfzikTonuQc3iw7Xezvd9qwHibxryRj This is the Note Public address I got from my note, and the description/ I button says You can share this public address with other users to receive payments. What if someone sends their Bitcoin to this address without replacing the ww with a 1? I know some wallets will give a warning that it's an incorrect Bitcoin address, just like my Electrum wallet did, but my question is still the same how is an average Joe supposed to know that this is a Legacy address and he has to send his Bitcoin to 12xmfzikTonuQc3iw7Xezvd9qwHibxryRj and not to ww2xmfzikTonuQc3iw7Xezvd9qwHibxryRj.


LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16577


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
May 06, 2023, 09:43:56 AM
Merited by whirlwindmoney (1)
 #144

I'll take a post from the signature thread here too:
The Note Public Address is in fact the Legacy Bitcoin address corresponding to the private key you saved, the only difference is that every '1' is changed to 'ww' so again, you can easily distinguish a Whirlwind Note from a Bitcoin address.
Allow me to nitpick: you mean the first '1', not every '1'.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18509


View Profile
May 06, 2023, 09:48:20 AM
Merited by whirlwindmoney (3)
 #145

I never saw a Bitcoin address start with ww, so I asked in the signature campaign thread.
It is not an address on the bitcoin network, but rather an address on the Whirlwind platform.

What if someone sends their Bitcoin to this address without replacing the ww with a 1?
They should be sending coins via the Whirlwind website (not via a bitcoin wallet) to the address which starts with "ww".

I know some wallets will give a warning that it's an incorrect Bitcoin address, just like my Electrum wallet did, but my question is still the same how is an average Joe supposed to know that this is a Legacy address and he has to send his Bitcoin to 12xmfzikTonuQc3iw7Xezvd9qwHibxryRj and not to ww2xmfzikTonuQc3iw7Xezvd9qwHibxryRj.
Sending coins to 12xmfzikTonuQc3iw7Xezvd9qwHibxryRj via a standard bitcoin transaction will not have them show up on Whirlwind. This is just a standard bitcoin transaction. You could access these coins by importing your Whirlwind private key in to a normal wallet, but this transaction has nothing to do with Whirlwind.

If someone wants to send coins to ww2xmfzikTonuQc3iw7Xezvd9qwHibxryRj, then they do so via the pay to note feature on Whirlwind. These coins will only show up on Whirlwind and will not show up on the bitcoin network.

It is not possible to use Electrum (or any other bitcoin wallet) as you have tried to do to send coins to an address which begins with "ww", as such a transaction will be invalid.
whirlwindmoney (OP)
Copper Member
Member
**
Offline Offline

Activity: 112
Merit: 338


View Profile
May 06, 2023, 11:38:44 AM
 #146

I'll take a post from the signature thread here too:
The Note Public Address is in fact the Legacy Bitcoin address corresponding to the private key you saved, the only difference is that every '1' is changed to 'ww' so again, you can easily distinguish a Whirlwind Note from a Bitcoin address.
Allow me to nitpick: you mean the first '1', not every '1'.
You are right, apologies for the confusion.

It should work either way though, actually you don't even need to change 1 to ww and Pay to Note will still work. We tried to make it as hard as possible to make an actual mistake that would result in loss of funds for a user. As long as you have the private key you have nothing to worry about. For example if you want to use Pay to Note you can send to either one of these 3 addresses and it would still work:

18Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh
ww8Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh
18Sf8x3GBUiTxg55RQEzynf2Cdyy7Fwwihh

For 'on-chain' withdrawals only the real Bitcoin address is accepted as valid, so only the first option from above.

Okay. This increased my confusion further. Let's say I am not a Bitcointalk user, and I am not a signature participant too. I am an average Joe from a Google search and want to mix my Bitcoin. How am I supposed to know that I have to replace that ww with 1? I mean, I did not find any explanation or any instruction regarding the address. I never saw a Bitcoin address start with ww, so I asked in the signature campaign thread.
@o_e_l_e_o explained perfectly, I would add that the only way to make a Bitcoin deposit on Whirlwind is going through the deposit process on the website. (on the 'Create Note' tab generate a Note and select 'Yes' when asked 'Deposit now?', after you go to the next step and you will get the Bitcoin address where you're supposed to send your deposit)
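The 'ww' convention discussed in the posts above, as an added example that is not part of the thread and is not Whirlwind's code: since 'w' is itself a valid Base58 character, mapping 'ww' back to '1' is ambiguous, so this sketch tries every possible substitution and accepts the input only if exactly one candidate passes the Base58Check checksum with the legacy P2PKH version byte. The function names, the pair limit and the constructed sample address are assumptions; how Whirlwind actually parses these strings is not stated in the thread.

```python
import hashlib

# Base58 alphabet used by Bitcoin; note that 'w' is a legal character.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAX_PAIRS = 8  # assumed cap so hostile input cannot blow up the search


def _checksum(data: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # leading 0x00 bytes become '1'
    return "1" * zeros + out


def b58check_decode(addr: str):
    """Return (version, payload), or None if malformed or the checksum fails."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    # version (1) + hash160 (20) + checksum (4) = 25 bytes for a legacy address
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4]


def is_legacy_p2pkh(addr: str) -> bool:
    decoded = b58check_decode(addr)
    return decoded is not None and decoded[0] == 0x00


def candidates(s: str):
    """Yield every string obtained by replacing any subset of 'ww' pairs with '1'."""
    i = s.find("ww")
    if i < 0:
        yield s
        return
    for rest in candidates(s[i + 2:]):   # treat this pair as an encoded '1'
        yield s[:i] + "1" + rest
    for rest in candidates(s[i + 1:]):   # treat this 'w' as a literal character
        yield s[:i + 1] + rest


def to_legacy_address(s: str):
    """Map a note-style string to its legacy address, or None if not unambiguous."""
    if len(s) > 2 * 34 or s.count("ww") > MAX_PAIRS:
        return None
    valid = {c for c in candidates(s) if is_legacy_p2pkh(c)}
    return valid.pop() if len(valid) == 1 else None


# Constructed sample: a legacy address built from a made-up 20-byte hash.
SAMPLE_LEGACY = b58check_encode(0x00, bytes(range(1, 21)))
SAMPLE_NOTE = "ww" + SAMPLE_LEGACY[1:]

if __name__ == "__main__":
    print(SAMPLE_NOTE, "->", to_legacy_address(SAMPLE_NOTE))
    # The three strings quoted in the post above; results are printed, not assumed.
    for quoted in ("18Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh",
                   "ww8Sf8x3GBUiTxg55RQEzynf2Cdyy7F1ihh",
                   "18Sf8x3GBUiTxg55RQEzynf2Cdyy7Fwwihh"):
        print(quoted, "->", to_legacy_address(quoted))
```

A mistyped character fails the checksum for every candidate, so the function returns None rather than guessing an address.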
zartafuydo
Newbie
*
Offline Offline

Activity: 9
Merit: 14


View Profile
May 06, 2023, 04:17:04 PM
 #147

I have not heard of any proven cases where they spoofed a website
If you say you didn't catch them on spoofing your website, I can believe you. If you say you've never heard about them altering the contents of a single http request, this still sounds plausible because it is hard to detect such alteration. But if you say you've never heard about them cutting off pieces of webpages by breaking some of the (many) http requests a browser makes when it loads a (single) page, thus also damaging webpages' integrity, I will not believe you. Cloudflare does this all the time, and this is easily detectable by looking at the list of http requests and their results in "web developer tools" in a browser.

this being the first time it happens while we are such a small platform
Your website doesn't have to be even the first case of altering the contents of a single http request. If you don't know about such precedents, this doesn't mean they don't exist. They may just stay completely unnoticed if the admins of those previous websites don't access them from various IPs.

we obviously would never use Cloudflare or any other 'DDoS protection' ever again
This is better than what you said before "automatically shut down the clearnet version" (without any plans for the future), but still, the only price for Cloudflare we are sure about is just one website leaving them. You are taking for granted that this is "the complete opposite of 'not too bad' for Cloudflare", while this is doubtful to say the very least, especially given the fact how obviously they damage other websites, as I explained two paragraphs above. What's worse, you put your users' safety in dependence of the actual validity of this claim that you just take for granted.

completely ignoring the fact that even in this case they would still need 100% accuracy
I'm not ignoring anything, it's just you pretend I'm ignoring. As long as Cloudflare has 0% false positive, their attack does not contradict your observations you describe here. Once 1% false positive happens, your observations will not anymore be the same as you described here until now. But this alone does not yet mean that 100% accuracy is necessary for Cloudflare for all the time in foreseeable future. In simple words: they could have some luck so far.

we would have undeniable proof of it all
Unless your server is closely monitored by a third party, you will not have undeniable proof for anyone except yourself. Cloudflare can claim that it was you who put the damaged files at your physical server, and you will not have evidence it wasn't there. And if someone else independent closely monitors your server and can witness that the files there were not changed, this is even worse, because this third-party access is also a danger for the security of your users.

remote access is irrelevant to the discussion so there is no reason to bring it up.
It is relevant: absence of remote access and distance from your physical location means lower a priori probability for Cloudflare that you are testing them, they can rely on this information.

Again, a large scale attack is not possible in the way you described
Again, it is possible. At some point Cloudflare might get caught, but before that they will have already collected a "large scale" of users' data.

I won't reply to any further messages from you unless they contain suggestions or any sort of valid criticism.
You can call my criticism "invalid" as much as you like, but I still can (and do) warn other users about the risk of their data being accessed by Cloudflare.
JollyGood
Legendary
*
Offline Offline

Activity: 2520
Merit: 1713


Top Crypto Casino


View Profile
May 07, 2023, 10:58:10 AM
 #148

As all the ww-address transactions take place on Whirlwind and are not associated with the Bitcoin network, the question then arises how safe or secure the database is that contains all the details of the addresses and transactions. Is it encrypted at rest?

If someone wants to send coins to ww2xmfzikTonuQc3iw7Xezvd9qwHibxryRj, then they do so via the pay to note feature on Whirlwind. These coins will only show up on Whirlwind and will not show up on the bitcoin network.

It is not possible to use Electrum (or any other bitcoin wallet) as you have tried to do to send coins to an address which begins with "ww", as such a transaction will be invalid.

John Abraham
Hero Member
*****
Offline Offline

Activity: 518
Merit: 547


View Profile
May 07, 2023, 11:09:41 AM
 #149

It is not an address on the Bitcoin network, but rather an address on the Whirlwind platform.
Thanks for the explanation. Once again, How is an average Joe supposed to know who is new to mixing and wants to mix their coins? The I Button says You can share this public address with other users to receive payments. Don't you think it will be better to write a warning there, like do not send your Bitcoin to this address? However, the address is invalid, and I guess people won't be able to send Bitcoin to this address.

Quote
They should be sending coins via the Whirlwind website (not via a bitcoin wallet) to the address which starts with "ww".

Again, A random user from a Google search doesn't know how this Note system works. There is no guide on the website. Also, Their FAQ Still says this; Check the image, please.



The user will be confused if he sees there are two answers for the Note Feature. But, We know the first note system is not there anymore. The Next Question in F.A.Q is How to create a Note to receive Bitcoin from other people? It would be good if you write How to create a Note to receive Bitcoin from another user of Whirlwind?. Other People and Users are different.

Edited Out
As You said, These are Legacy Bitcoin addresses. I searched my address on Blockchain, and it seems it is valid. For testing purposes, I've sent a few Satoshis. I am not sure if it has anything to do with Whirlwind. I am curious if it's reached whirlwind. Since it's a small amount and doesn't meet the minimum deposit requirement, It won't appear in my balance. But I am curious if Whirlwind received the transaction.  https://blockchair.com/bitcoin/address/12xmfzikTonuQc3iw7Xezvd9qwHibxryRj

whirlwindmoney (OP)
Copper Member
Member
**
Offline Offline

Activity: 112
Merit: 338


View Profile
May 08, 2023, 07:47:01 AM
 #150

As all the ww-address transactions take place on Whirlwind and are not associated with the Bitcoin network, the question then arises how safe or secure the database is that contains all the details of the addresses and transactions. Is it encrypted at rest?
The databases (backend and the 3 signers) only contain the encrypted Note public addresses and their balances, no sensitive information about deposits/withdrawals or pay to note transfers. Whenever a user performs an action it has to be validated by the backend and all 3 signers individually. These proofs are deleted immediately after their use.

Whirlwind is based on a backend + validator (signer) model. The backend interacts with users by generating deposit addresses and processing withdrawals, while the validators (signers) validate all of the backend's actions. Whenever a withdraw transaction is being sent, the signatures must be retrieved from all validators which are able to verify the transaction is correct.

When a user deposits BTC using the Note method, the backend sends the deposit hash to the validators and they assign credit to the Note’s public key. When the user wants to withdraw his BTC, he must send a signature to the backend which will process this. This signature will also be sent to the validators which will check it and remove credit from the note’s public key and whitelist the receiving addresses.

If an attacker compromises the backend server, he would not be able to forge user Note signatures in order to fool a validator to send him funds, because only the users have access to the Note’s private keys. Again, the proofs are deleted after their use.

Thanks for the explanation. Once again, How is an average Joe supposed to know who is new to mixing and wants to mix their coins? The I Button says You can share this public address with other users to receive payments. Don't you think it will be better to write a warning there, like do not send your Bitcoin to this address? However, the address is invalid, and I guess people won't be able to send Bitcoin to this address.
That appears only if you select No(Create only) when asked if you want to deposit now, but I understand your point and we will adjust the wording and info buttons to explain the process better.

As You said, These are Legacy Bitcoin addresses. I searched my address on Blockchain, and it seems it is valid. For testing purposes, I've sent a few Satoshis. I am not sure if it has anything to do with Whirlwind. I am curious if it's reached whirlwind. Since it's a small amount and doesn't meet the minimum deposit requirement, It won't appear in my balance. But I am curious if Whirlwind received the transaction.  https://blockchair.com/bitcoin/address/12xmfzikTonuQc3iw7Xezvd9qwHibxryRj
That is probably your Legacy Bitcoin address corresponding to your Note private key, it's not the deposit address. Whirlwind on-chain Bitcoin deposit addresses start with 'bc', as a rule of thumb if you are not on a page where you can download a Letter of Guarantee for the deposit you are not in the right place. Understood your point and we will make the process easier to understand for new users.
JollyGood
Legendary
*
Offline Offline

Activity: 2520
Merit: 1713


Top Crypto Casino


View Profile
May 08, 2023, 08:50:41 AM
 #151

There is still a lot of mystery surrounding what was found on the disk recovered by authorities related to the CM money laundering website therefore is there any way to independently verify this claim. I am not doubting what you are saying but can the claim be proven?

As all the ww-address transactions take place on Whirlwind and are not associated with the Bitcoin network, the question then arises how safe or secure the database is that contains all the details of the addresses and transactions. Is it encrypted at rest?
The databases (backend and the 3 signers) only contain the encrypted Note public addresses and their balances, no sensitive information about deposits/withdrawals or pay to note transfers. Whenever a user performs an action it has to be validated by the backend and all 3 signers individually. These proofs are deleted immediately after their use.

LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16577


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
May 08, 2023, 09:39:28 AM
 #152

can the claim be proven?
I can't think of any way to prove you've deleted something. You can prove that you have something, but you can't prove that you don't have it. See the philosophical burden of proof:
Quote
to know that a X does not exist would require a perfect knowledge of all things
And even if a server would be audited, that doesn't guarantee it doesn't get changed later.

John Abraham
Hero Member
*****
Offline Offline

Activity: 518
Merit: 547


View Profile
May 08, 2023, 10:21:19 AM
 #153

That appears only if you select No(Create only) when asked if you want to deposit now, but I understand your point and we will adjust the wording and info buttons to explain the process better.
Exactly. I was talking about the No (Create Only) option. Thanks for taking it into consideration.

That is probably your Legacy Bitcoin address corresponding to your Note private key, it's not the deposit address. Whirlwind on-chain Bitcoin deposit addresses start with 'bc', as a rule of thumb if you are not on a page where you can download a Letter of Guarantee for the deposit you are not in the right place. Understood your point and we will make the process easier to understand for new users.
Right. I thought it was an address from Whirlwind. But, I get it after your explanation. I've sent a few satoshis to that address. It's not much. Still, I will try to import the private key into a wallet and try to access the funds.

There is still a lot of mystery surrounding what was found on the disk recovered by authorities related to the CM money laundering website therefore is there any way to independently verify this claim. I am not doubting what you are saying but can the claim be proven?
Do they also recover data from the disks? I am curious what data they have collected. I mean, Mixers don't collect users' personal information. All they can have is your transaction hash and wallet address. I don't care about IP collection data as well. I don't think they can prove they don't store your info. I mean, it's not possible without giving you access to their server  Grin. I know you don't want access to their server.

mikeywith
Legendary
*
Offline Offline

Activity: 2212
Merit: 6363


be constructive or S.T.F.U


View Profile
May 08, 2023, 05:47:38 PM
 #154

The goal of this pattern is to aggregate different deposits into a single pool, such that distinguishing between them becomes unfeasible. The only factor to keep in mind is that this pattern is useless if there are not many deposits of varying sizes, such that the set of probable suspects is too small. We aim to overcome this issue by launching the Anonymity Mining campaign. The more people use Whirlwind, the more secure it becomes for everyone. We will consider the bootstrapping phase over when the Anonymity Set crosses 10,000 deposits.

What is more important to the Anonymity set, the number of deposits or the total amount? If I understood correctly it's both, but according to what I understand from the "Anonymity Mining campaign" the goal is to increase the number of deposits only -- simply because when the 10,000 deposits number is reached there will be no incentives for people to keep their funds in the pool, so you would end up with 10k deposits and maybe next to nothing of BTC in the pool.

The reason why I ask is that I think there could be "easier" and probably "cheaper" ways to create those deposits if the only result required is a certain number of deposits. I understand that the pro of doing the Anonymity Mining campaign is that it would increase the level of trust since a mixer that once had 1000 BTC and did not exit scam is unlikely to do so when they have 500 BTC.


sam00
Legendary
Activity: 1078
Merit: 1123
May 08, 2023, 08:30:35 PM
Merited by mikeywith (2)
 #155

What is more important to the Anonymity set, the number of deposits or the total amount? If I understood correctly it's both, but according to what I understand from the "Anonymity Mining campaign" the goal is to increase the number of deposits only -- simply because when the 10,000 deposits number is reached there will be no incentives for people to keep their funds in the pool, so you would end up with 10k deposits and maybe next to nothing of BTC in the pool.

The reason why I ask is that I think there could be "easier" and probably "cheaper" ways to create those deposits if the only result required is a certain number of deposits. I understand that the pro of doing the Anonymity Mining campaign is that it would increase the level of trust since a mixer that once had 1000 BTC and did not exit scam is unlikely to do so when they have 500 BTC.

As far as my understanding goes, we need both the deposits and also the deposit sums to establish a certain amount of anonymity.
Since the anonymity mining campaign rewards the user with a fixed percentage of their deposit, there is an incentive to deposit higher amounts. There is pretty much no point in depositing 15$ to earn 1% each month ($0,15) especially with the current transaction costs. Therefore people would deposit more to earn more money. Please correct me if I am wrong but I think those are the key points.

As of right now, there hasn't been an unusually large amount of deposits since the anonymity campaign went live but that will probably change once there is an official announcement in Services.
LeGaulois
Copper Member
Legendary
Activity: 2870
Merit: 4095
May 08, 2023, 09:29:51 PM
Merited by mikeywith (2)
 #156

The number of deposits is more important than the amount of bitcoins. If it was all about the amount Whirlwind could easily do it themselves by adding xx BTC to the pool.

Not saying the amount is useless but the main point is to have many deposits, but also of different sizes, to make the system more effective

Quote
There is pretty much no point in depositing 15$ to earn 1% each month ($0,15) especially with the current transaction costs
minimum amount is at 0.001

Quote
Therefore people would deposit more to earn more money

Yeah but like everywhere. That's how it works: more you spend, more you're rewarded

mikeywith
Legendary
Activity: 2212
Merit: 6363
May 09, 2023, 12:18:19 AM
Merited by LeGaulois (3)
 #157

The number of deposits is more important than the amount of bitcoins. If it was all about the amount Whirlwind could easily do it themselves by adding xx BTC to the pool.

Well, they could also do the latter themselves, in fact, it's easier to just split a couple of bitcoins into a dozen random outputs of different sizes and send them to the mixer, you can increase the number of deposits to 10,000 in a few hours and be done with it.

Also, if what you say is correct, then the mining campaign would reward people based on the number of deposits rather than the amount, so instead of someone sending a single deposit of 1 BTC, they could send 10*0.1 BTC, this will increase the number of deposits by 10 as opposed to just 1.

I believe both are equally important.

Say we have 4 Whirlwind pools.

Pool A has the following deposits:

1- 1 BTC from address 1111
2- 0.5 BTC from address 2222


a total of 1.5 BTC and 2 deposits, if I was to send 0.5 to mix it, the output will be 1 of 2, I either get 1 or 2.

Pool B has the following deposits:

1- 0.2 BTC from address 1111
2- 0.1 BTC from address 2222
3- 0.4 BTC from address 3333
4- 0.3 BTC from address 4444

a total of 1 BTC and 4 deposits if I was to mix the same 0.5 BTC, the number of suspects isn't exactly 4 in this case since I'll need to get at least 2 deposits, this means 4/2, and the suspect addresses will still be only 2 despite having 4 deposits in the pool.

Pool C would outperform pool B if it has:

1- 0.5 BTC from address 1111
2- 1 BTC from address 2222
3- 0.7 BTC from address 3333

it's 1 of 3 now, despite having fewer deposits.

Pool D which outperforms them all would be something like this:

1- 0.6 BTC from address 1111
2- 1.4 BTC from address 2222
3- 0.7 BTC from address 3333
4- 3.2 BTC from address 4444

Of course, I could be wrong, this is just based on my understanding of how the multi-sig pool works, I hope to get more clearance and corrections of the different pool examples I posted above.






sam00
Legendary
Activity: 1078
Merit: 1123
May 09, 2023, 11:10:37 AM
 #158

~

If you withdraw your bitcoin from Whirlwind in multiple steps of, let's say, 0.1 BTC to different addresses so the individual withdrawals can't be linked together, then you don't necessarily need bigger deposits than the one you made yourself, right?

Let's take this pool:
Deposit 1: 1,0 BTC
Deposit 2: 0,3 BTC
Deposit 3: 0,1 BTC

Now you deposit 0,4 BTC and withdraw in steps of 0,1 BTC. Every single withdrawal could have been initiated by any of the 4 (including yourself) deposits.
whirlwindmoney (OP)
Copper Member
Member
Activity: 112
Merit: 338
May 09, 2023, 01:47:47 PM
Merited by mikeywith (4), BlackHatCoiner (4)
 #159

can the claim be proven?
I can't think of any way to prove you've deleted something. You can prove that you have something, but you can't prove that you don't have it. See the philosophical burden of proof:
Quote
to know that a X does not exist would require a perfect knowledge of all things
And even if a server would be audited, that doesn't guarantee it doesn't get changed later.
Correct, right now there is no way for us to prove this claim. As soon as we transition to the zk-SNARK based Note system it will be provably impossible for us to log any information but until then you have to take our word for it.

What is more important to the Anonymity set, the number of deposits or the total amount? If I understood correctly it's both, but according to what I understand from the "Anonymity Mining campaign" the goal is to increase the number of deposits only -- simply because when the 10,000 deposits number is reached there will be no incentives for people to keep their funds in the pool, so you would end up with 10k deposits and maybe next to nothing of BTC in the pool.

The reason why I ask is that I think there could be "easier" and probably "cheaper" ways to create those deposits if the only result required is a certain number of deposits. I understand that the pro of doing the Anonymity Mining campaign is that it would increase the level of trust since a mixer that once had 1000 BTC and did not exit scam is unlikely to do so when they have 500 BTC.
Both are equally important. It's a very big difference between 2 Anonymity sets with 10,000 deposits each made up of the following numbers:

Pool A: 5,000 x 0.001BTC | 4,000 x 0.01BTC | 500 x 0.1BTC | 500 x 1BTC

Pool B: 2,000 x 0.001BTC | 2,000 x 0.01BTC | 2,000 x 0.1BTC | 2,000 x 1BTC | 2,000 x 10BTC

While Pool A's Anonymity Set would be secure enough for a 0.01BTC deposit that is withdrawn immediately, it wouldn't be the same if the same situation happened with 10BTC instead of 0.01. On the other hand, a 10BTC deposit in Pool B could be withdrawn immediately without anything looking 'out of the ordinary'.

We agree it would be better if the Anonymity Mining campaign would include other conditions besides the 10,000 deposits, such as out of those 10,000 there should be a minimum of 500 over 0.5BTC, 500 over 1BTC and 500 over 5BTC. We decided not to impose these 'limits' because we assumed 10,000 deposits is a big enough number and people would deposit varied enough amounts regardless if we ask for it or not, but we may be wrong. What's your opinion on this?

As much as people don't want to hear it, 'anonymity' and more generally 'mixing' on Bitcoin are all about math and probabilities. Bitcoin is a public ledger available for anyone to review forever, now and at any point in the future. Keeping this in mind, the only way to offer real anonymity is to have a scalable system; otherwise there are 0 reasons to use a centralized solution as opposed to Coinjoining yourself. Why would you risk the operator stealing your funds, no matter how trusted he is, when you can get better privacy in a decentralized way? The only reason to ever use a centralized solution over a decentralized one should be if the centralized one offers exponentially better privacy.

We built Whirlwind because there is no other solution available that has the potential to stand the test of time. Think about any of our competitors and consider that all their addresses/clusters will be known in the future (if they are not already). Since there is a limit imposed on the delay, number of output addresses and fees, and there is no possibility to combine 2 deposits into a bigger output we strongly believe that anyone reviewing the flows will be able to deanonymize most if not all their users with relative ease.

On the other hand Whirlwind will only become stronger as time goes on thanks to the system it's based on, not weaker. Once we have a big enough Anonymity Set (something that is not possible for our competitors since their systems are fundamentally flawed and don't scale) there is simply no way to deanonymize users with certainty unless the user himself connects the transactions by using the same addresses or other similar mistakes.

Does the above make sense to you? If you have any questions or something is not clear enough please do not hesitate to ask. We will post a comparison with more details in the response to @fillippone's question in this thread: https://bitcointalk.org/index.php?topic=5444933.80

The number of deposits is more important than the amount of bitcoins. If it was all about the amount Whirlwind could easily do it themselves by adding xx BTC to the pool.

Not saying the amount is useless but the main point is to have many deposits, but also of different sizes, to make the system more effective
We could and we will add more BTC ourselves, but in order for this to be effective and not just an obvious sybil attack where we give users the false impression of a big Anonymity Set when in fact it's not, we need to add our reserve gradually, blended with other real users' deposits. We would rather take the time to do this the right way and not worry about anything coming back to bite us later.

The amount of BTC held in the multi-sig is not that relevant since we could add that ourselves, but it's very important that higher amount transactions happen (even if they are just deposits followed by a withdrawal 1 hour later). Basically volume is more important than the multi-sig balance.

Of course, I could be wrong, this is just based on my understanding of how the multi-sig pool works, I hope to get more clearance and corrections of the different pool examples I posted above.
If we assume that you make a single 0.5BTC deposit and then withdraw 0.5BTC in one output then you are right with everything you said.

If we assume you make 5 x 0.1BTC withdrawals to different addresses that won't be connected afterwards, then Pool D is almost the same as Pool B (assuming your 0.5BTC are already included in the figures you showed), the only difference being that in Pool B's case you know for a fact that the outputs originated from at least 2 deposits, while in Pool D's case you can't know that.
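
The counting behind the pool comparisons in posts #157 and #159, as an added Python example that is not part of any post and not Whirlwind's code. It assumes a deliberately simple model (a deposit is a candidate source for an output only if it is at least as large as that output, and the user's own deposit is already in the listed figures); all function names are hypothetical, and the fourth deposits of Pools B and D in #157 are read as 0.3 and 3.2 BTC.

```python
from decimal import Decimal

SAT = 100_000_000  # satoshis per BTC; integers avoid float rounding

def sats(btc):
    """Convert a BTC amount given as a string to integer satoshis."""
    return int(Decimal(btc) * SAT)

def expand(spec):
    """Expand {amount_btc: count} into a flat list of satoshi amounts."""
    return [sats(a) for a, n in spec.items() for _ in range(n)]

def single_source_candidates(deposits, amount):
    """Count deposits large enough to have funded `amount` on their own."""
    return sum(1 for d in deposits if d >= amount)

def min_deposits_needed(deposits, amount):
    """Fewest deposits whose sum covers `amount`; None if the pool cannot."""
    total = 0
    for k, d in enumerate(sorted(deposits, reverse=True), start=1):
        total += d
        if total >= amount:
            return k
    return None

def summarize(deposits, amount, chunk=None):
    """Describe one withdrawal; `chunk` models equal, unlinked partial outputs."""
    per_output = amount if chunk is None else chunk
    return {
        "deposits": len(deposits),
        "candidates_per_output": single_source_candidates(deposits, per_output),
        "min_deposits_if_linked": min_deposits_needed(deposits, amount),
    }

# Pools transcribed from post #157 (the user's own 0.5 BTC counted as included).
POOLS_157 = {
    "A": expand({"1": 1, "0.5": 1}),
    "B": expand({"0.2": 1, "0.1": 1, "0.4": 1, "0.3": 1}),
    "C": expand({"0.5": 1, "1": 1, "0.7": 1}),
    "D": expand({"0.6": 1, "1.4": 1, "0.7": 1, "3.2": 1}),
}
# Pools transcribed from post #159.
POOLS_159 = {
    "A": expand({"0.001": 5000, "0.01": 4000, "0.1": 500, "1": 500}),
    "B": expand({k: 2000 for k in ("0.001", "0.01", "0.1", "1", "10")}),
}

if __name__ == "__main__":
    for name, pool in POOLS_157.items():
        print("#157", name, summarize(pool, sats("0.5")),
              summarize(pool, sats("0.5"), chunk=sats("0.1")))
    for name, pool in POOLS_159.items():
        for amount in ("0.01", "10"):
            print("#159", name, amount, summarize(pool, sats(amount)))
```

With a single 0.5 BTC output the #157 pools give 2, 0, 3 and 4 candidates, and Pool B needs at least 2 deposits; with unlinked 0.1 BTC outputs Pools B and D both give 4 candidates per output.
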
JollyGood
Legendary
Activity: 2520
Merit: 1713
May 09, 2023, 01:59:45 PM
 #160

A whole variety of wide-ranging questions have been put forward in this thread, and full credit to you for addressing (or trying to address) each of those questions and comments. Since you mentioned it, approximately how long will it take before the process can be used by end users?

Correct, right now there is no way for us to prove this claim. As soon as we transition to the zk-SNARK based Note system it will be provably impossible for us to log any information but until then you have to take our word for it.
