Delete old reserved post and replaced with this one as per instruction:
If you have a "Reserved" post, please delete it and make a new one that shows up after this has been posted. To avoid any confusion, I appreciate it!
My review is almost complete. I am just waiting for the transactions to finalize before I polish it off.
One thing I will say is that after the most recent update, I have found
zero flaws in the app. I do however have some suggestions which I will include in the review!
Review summaryMy Usage- I used the desktop interface with Javascript enabled. I did not try the mobile interface.
- I used the Note option and combined multiple notes. I did not use the Fast option as I believe the privacy level is inferior to the Note option.
- Tor browser & Linux OS. As
everyone should be using at a minimum when using a service like this one. Optimally, one should be using Tails.
Pros:- Extremely simple and easy to use interface.
- All processes are as instantaneous as they can get.
- The app works flawlessly as of the last update on 04/04. I did not experience any issues or speed bumps at any stage during my experience!
- Quite a cost effective solution. I paid around $14~ in network and service fees in total by using a minimal set fee.
Cons:- The mixing process offers a basic level of privacy (and probably should) be improved if it wants to remain viable in the long term.
- Javascript must be enabled for smooth usage of the app.
- Future pitfalls may arise for users if there is scrutiny against Whirlwind in the future due to the simple mixing process.
Short summaryUsing the platform was simple, easy and seamless. There was no delay caused on the platform itself (the only delays were waiting for confirmations). While the inside mechanisms have room for improvement, it's a good app with a great basis and a lot of potential.
My experienceFrom a UI perspective, the design is minimal and very pleasant on the eyes. I can't think of any flaws in it during the entire process.
For my test run, I chose the Note method over the fast method, to truly try out the privacy functionality of the app. To my understanding, depositing notes and combining them acts as a much better way to mix in comparison to the Fast method. I set the minimal fee to see how cost effective whirlwind is for attaining privacy, and completed the simple steps to make a deposit for each note.
After the first set of steps, the second step was just as easy. The notification that the deposit was received was real-time. Almost zero delay. Comforting!
As soon as my transactions had two confirmations, I refreshed and it reflected the information instantly.
After creating a note for a couple of transactions, I combined the notes easily on the combine interface, providing me with a singular note.
Now. Withdrawal! After entering my new note, I could easily configure how I wanted to receive my coins. I decided to post an example of how the interface looked in the image below, though chose a different configuration for my actual output.
At the time of writing, I received all coins on time and everything went smoothly. At the end of the whole experience, I paid a total of 0.0005 BTC~ ($~14.2) in network and service fees in exchange for Whirlwind providing my Bitcoin with a basic level of privacy.
SuggestionsSuggestion #1 - Improve the mixing processFor those wondering how Whirlwind works, it's quite simple. An example of flow of the process is as follows:
1. Your input is received by Whirlwind.
2. Your input is moved to the Whirlwind hot wallet.
3. You receive your output from the Whirlwind hot wallet minus your chosen fee and after your chosen time delay.
If you are using the "Fast" option with one input and the same output, no matter what fee you use you can be sure that anyone that is trying to track your blockchain transactions will be able to match the output with the input and the use of the service would be quite worthless. If you must use "Fast", you must break up the inputs into multiple outputs and use the time delay. If you really want to achieve privacy, I believe that the best way to go is to create multiple notes, combine them and create multiple outputs of different value at different times.
No matter which method you choose however, it is very easy to distinguish that your input was sent to Whirlwind and that the output has come from the Whirlwind hot wallet. This should be noted if you do not want future receivers to know that you are using/have used Whirlwind. The pitfalls of this come forward if Whirlwind is ever black-listed or tagged by chainanalysis or another related company, or if Whirlwind is ever sanctioned (like TornadoCash). If this happens, all coins would be tainted. Whether you believe in tainted coins or not, any service that you use that does believe in tainted coins would probably ask you questions due to the usage of Whirlwind.
It should be noted as well that it is possible to receive outputs including inputs from your deposit. Use a longer time delay if you want to avoid this. It should become less common as the service increases in usage.
I believe that the service should be improved with a more sophisticated mixing process. I suppose that in its infancy, it is fine for the time being. Though I can't see it being viable for too long if there are interests who do not want Whirlwind to be a solution for privacy in the future. These forces evidently exist after recent events in the last month.
I suppose that one positive about the mixing process is that one can easily verify the reserves on hand. I was able to confirm that whirlwind controls at least 4.98 BTC at the time of writing (not including cold storage, if any)
Suggestion #2 - Ability to check status of outputsOne suggestion I believe that I can offer would be to add a way to check the progress of outputs. At this point in time, the moment you click "withdraw", you are given a message saying that the withdrawal was sent and that is it. There is no way to keep an eye on the status of the outputs and you are in a way "left in the dark" regarding its progress.
A simple page named "Check" which offers no more than a "pending" or "complete" information about the status of note outputs would be ideal, just to add some peace of mind for the user. It does not have to specify any sensitive information (such as time of arrival, delay or output address), just the amount and the status would suffice. Even finding a way to exclude the amount while still being able to identify outputs would probably make the page useful without adding any sensitive information at all to the page.
bc1q3muklj8egj72ux24vedjgtletu874whante403