Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 27, 2024, 10:22:22 AM Last edit: January 27, 2024, 12:58:28 PM by Kruw |
|
Yes, it doesn't appear the docs are extremely thorough for the coinjoin plugin. Here's the big red /!\ warning message that appears in BTCPay Server if you try to coinjoin with Tor off: https://github.com/raspiblitz/raspiblitz/issues/3729I would go further and say you absolutely should connect it to your own node. Samourai suffers from the same issue as does every light wallet, in that the entity running the server you connect to can link all your addresses together (as well as your IP, but obviously you should be running over Tor).
Whirlpool does use a central coordinator, so it is absolutely vital that you use it with your own node and Tor to keep your privacy from the central coordinator.
Whirlpool clients have Tor disabled by default, so I opened an issue to get a warning added to Samourai Wallet about the privacy leak, but they said that any PR that adds this warning will not be merged: https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
kayirigi
Jr. Member
Offline
Activity: 35
Merit: 35
|
Chainalysis can demix Wabisabi protocol and do this for OFAC. Wabisabi is the only one of three coinjoin protocols which can be demixed like this. Here is government contract with Chainalysis https://archive.is/1zU9tChainalysis Rumker licenses include Observations and Nodes, which help locate where server nodes are running. This license also includes Wasabi Demixing services at no additional cost to OFAC, and with no limits to the number of requests.
|
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 29, 2024, 02:29:18 AM |
|
Chainalysis can demix Wabisabi protocol and do this for OFAC. Wabisabi is the only one of three coinjoin protocols which can be demixed like this. Here is government contract with Chainalysis https://archive.is/1zU9tYou are lying, the document you linked was published a year before the WabiSabi protocol was in production. Feel free to try to trace a WabiSabi coinjoin yourself, no one else has been able to do it: you don't need to be a "whale" at all in order to receive absolutely zero privacy from a Wasabi coinjoin. Okay then, I'll call your bluff again- Here's 20 non whale non matching outputs from WabiSabi coinjoins, try to identify the inputs owned by even a single one of the 20 outputs (which would be 5%): 01 bc1q032caguldmlrrztmrwhv5wqveyywdu2rtmd740 02 bc1q6vgwhsfkg343mmh27vc6prg3clsd4xu3p68vyd 03 bc1qre8jjpu8p9taw8j44r39z56vfr4sw64d4wyaj4 04 bc1qarharg76gfcrvskfw46f67vtqzd6hxa9pnspp5 05 bc1q4sexgt2p96x3ytnjjttp59w6mkj00kedal3xze 06 bc1qwrf50wpjws5mhdg2rhdu5hy7nqdtl8z94lp75n 07 bc1qz0tal2udfpr20x793fdw6v8lzp2qze7z5zje64 08 bc1qqw2h7fa3n8vyxgqru664fmft2trl9sqh9kz3fp 09 bc1qsud748whmum4gpt2qu52z8gqlgzcjyvhd5w2a5 10 bc1qctvxddyvxupjj8w82m8w5grzn59arstlrnaauw 11 bc1qq2fl05cmmhkr3pzg8elyr859v2fpcltynrk2j5 12 bc1qvwkrd3aecrvql5j8mqkmketvw6g6qwzt4juprq 13 bc1qhc2565fac4lrgyfq6n0mzc0l86jeptfnv2um9x 14 bc1qat6445gutyl3qdz3zhmdng9cdt92mevjlvaljs 15 bc1qk5f3mz0fetccey4nyyjedlrmqstkz2hmun96ha 16 bc1q4tpvm378a9d4n0xcnjtwfwujtr8eatjzvru8dx 17 bc1qd5epyjpj6vuejdppj24wew5n4n5rzepjx2xnay 18 bc1qgafud63me5mffn00g90ch08jjn5h20umzwxd62 19 bc1q5u3f2ldrtqa7ea79a8hcd8kssgw2gmalk4uej9 20 bc1qa6n7g7r4j3nv78gzgzmuvg56em4guppckqpz7r
|
|
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 29, 2024, 10:25:17 PM Last edit: January 30, 2024, 01:03:26 AM by Kruw |
|
This is exactly the sort of confusion a coinjoin is designed to cause You mistakenly thought that multiple inputs being spent together meant that they were linked to the same owner, but a coinjoin has inputs from multiple owners in the same transaction!Here is the exit merge transaction spending 2 outputs from the coinjoin worth 0.1 BTC each - 9273410e2994fa02fb1baa071d84a44fb4ad12ceba50a46eadfd24cf0dd7efa6 - let's analyze them: In the coinjoin, there are 13 outputs for 0.1 BTC:bc1qzy2dlcau905jwaktrlnqd7q2uu8m6296xe0y0t <- Exit merged bc1qykz79d67prjv73wej032kreyysumvg54wlqsc3 bc1qfdt9na0vqu94y0ltz97fg6ep0nztqrlhj4e6as bc1q26vktzc3uqhld6kgf0c0zgldh4t7wp665kfwm7 bc1qvged8zxdpcsxc3qe2pl62lsl3neprltrvtspn3 bc1qsl2sp0t87rsau6tusy465p9e5vq7r9y0ldns6a bc1qjpmncaadtk5ef32km44xa5z0mzsden78ev66ws bc1q5t00axlmeyg7crkq4rlh2qevdz8lcud8gl2q8h <- Exit merged bc1qe3s0vlsvu3rhd7w7dsswsgdj5k2t99e0f90a9n bc1q7whl0n3dvu5n3tjqd4g4r7antz70t96mhepn6v bc1q7cnu23w5rxlktdhm7322y7spe8kyj98dl6stwf bc1pdu3xkqcpwd6x9uhhy5rh536nevj9vzqkpqmnqjqkhuwpqp9zgrssjh3gwa bc1pkmkkpug5z2w6pn80kwlyev7v5nw6rukjae4cha2mz6vusz0ef98q5vcv9d By consolidating two inputs for 0.1 BTC in the payment, the owner retroactively reveals a coinjoin output value of 0.2 BTC. Does this cause him to lose any privacy? Let's check the original coinjoin transaction to find out... In the coinjoin, there are are 9 outputs for 0.2 BTC:bc1qxcfcgdqey4yc3cqjknea2spe8mw2r0k7n083t2 bc1qwezuexwx4lvafeg34ctzpny64fu3t9w8ngtngg bc1qs3ztep3w80pm3wz4htj2h9x4ewdug4hzaphfve bc1quqzcseygmad87g4plgf9yuxzss5r5q72w9g3w2 bc1qu7uj5tcdj5s2e23t08v0rsneejvfd6n0qrxf36 bc1qu77gevtnq6uky0vpjpl2ru96lus58p38qmpywc bc1p2mzlp34rqsyv7u28y6xdpypqapc8aeeuczuaaqzkv9snmnsenj2sw0uny9 bc1p742nnv0774t5gk8lt72t02wuupapt47dx00ddsq45zl9gedcw22qp3ayg2 bc1plmzmhejjuqykvnf00mue54egap3kjtl5qtcdzf4q6k7v87q34lqs37z3t5 The user stayed anonymous when merging his two 0.1 BTC outputs together since there's many possible ways to create 0.2 BTC as an output from the inputs of the original coinjoin. This transaction demonstrates how the "smart clients" arrange their output values so that merging smaller matching outputs together results in creating a larger amount with additional matches!This exit merge proves that even smaller denominations than 0.1 BTC are now also possible combinations that would add up to 0.2 BTC, adding even more anonymity! Let's check the original coinjoin transaction again to find some... In the coinjoin, there are are 13 outputs for 0.05 BTC:bc1qyttl3f9wu2zm3dwnytavs6eqk00glc3xng43ea bc1qye0g8qdjdl48c5hx7a69t5ekcgcemfrhx9z6sr bc1qxrgu0lv0ps50c9nf2efjq5zfdfruxejmfu8g8y bc1qgpwc5803au9cs95u38yz64jhdjrkpp4j249n9u bc1qt2wugrvm5nts263he4aj2ky2pghhdl90j0lx03 bc1qvzanwhhyf2tfcds3rts958jun84ves3xtc3gcp bc1qvgmnh5fzrqzx7uhhrcw6emzmktj4atqpn7ev9m bc1qdm9ae8rq0403ga5rshvw4vjd507t8chu4fn40k bc1q0ltpdzchc6eeytaafl7muhscdfejr2w269a8xl bc1q3z5cj7sx53lq8sqdkmflce0dzsaj6437zzqj3p bc1qhm4cd97znryr6rx4wqrsjj2shcpl44hhmsf8hz bc1qcww2qypj47vz52uw5y8m7cn7y8vvfxx7tnrajq bc1pncyek7s2m3tc9kwkswqnja8309gtmjgsykpa5jyahhv7yuavyugqlfpee5 On top of the possibilities of creating one output for 0.2 BTC, or two outputs for 0.1 BTC, it's also possible a user with 0.2 BTC on the input side created 4 outputs for 0.05 BTC instead! ___________________________________________________________________ How does this compare to Whirlpool exit transactions? Here's the kycp analysis of the Whirlpool exit transaction I traced in the OP: https://kycp.org/#/ce2f84f7c5ff74fb1da103acb7b279bd34f02f5e9e3a2e1b6417ce8b9b7392dbAll 20 postmix outputs merged were a direct descendant the same premix transaction, making it trivial to unmix. Unlike JoinMarket or WabiSabi, this user is not in control of remixing, he is dependent on the Whirlpool coordinator to push his coins deeper into the pool.
|
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 31, 2024, 12:09:39 PM |
|
BlackHatCoiner, you merited a post above but you haven't responded to your previous conversation: Look. I agree you believe you educate people about Bitcoin privacy, but we have repeated this conversation around solutions for privacy quite a lot of times. The fact that you still quote these whirlpool messages, as if they even mean something substantial, shows with what tenacity you're trying to sabotage Samourai. What do you mean "as if they even mean something substantial"? These Whirlpool addresses are linked to each other.
|
|
|
|
kayirigi
Jr. Member
Offline
Activity: 35
Merit: 35
|
|
January 31, 2024, 08:02:01 PM |
|
blah blah blah stupidity
So exit merge on Wabisabi good. But exit merge on Whirlpool bad. LOL. And you think people believe this BS from a Wasabi worker? And you ignore 100% deterministic links. And address reuse. Wabisabi is a scam.
|
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
January 31, 2024, 08:32:58 PM |
|
15 address reuses 13 exit merges 233 inputs linked 236 outputs linked Come on, kayirigi. Get over it, it's clearly the user's fault! Cya privacy! And extra extra bonus of HUNDREDS of outputs ground in to dust. 5000sats? 6561sats? Losing money for Wabisabi coinjoins which don't work!
What's dust? Gimme my 5000 sat that costed more than double that amount to be created! This is exactly the sort of confusion a coinjoin is designed to cause Oh! It's supposed to confuse the observers of the coinjoin, that explains everything! Let's start reusing addresses in both inputs and outputs then, as in Wasabi 1.0. That will definitely help, because we will confuse chain analysis even more. Why kind of a clown service reuses addresses in both sides in the first place? That will leave them so speechless that they will give up!
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 31, 2024, 08:57:22 PM Last edit: February 01, 2024, 11:51:23 PM by Kruw |
|
BlackHatCoiner, you still haven't followed up on our original conversation about me linking Whirlpool addresses together: BlackHatCoiner, you merited a post above but you haven't responded to your previous conversation: Look. I agree you believe you educate people about Bitcoin privacy, but we have repeated this conversation around solutions for privacy quite a lot of times. The fact that you still quote these whirlpool messages, as if they even mean something substantial, shows with what tenacity you're trying to sabotage Samourai. What do you mean "as if they even mean something substantial"? These Whirlpool addresses are linked to each other. What's dust? Gimme my 5000 sat that costed more than double that amount to be created! Your math is wrong: At 37.5 sats/vbyte, it costs 1163 sats to create a segwitv0 output (31 vbytes) and 1612.5 sats to create a Taproot output (43 vbytes). Smart WabiSabi clients make sure to choose outputs that aren't dust: https://github.com/zkSNACKs/WalletWasabi/issues/10675However, Whirlpool clients create traceable dust outputs that cost more than their value to create. I reported this to Samourai, but the bug report was deleted without comment: https://web.archive.org/web/20231025112756/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/461Oh! It's supposed to confuse the observers of the coinjoin, that explains everything! Let's start reusing addresses in both inputs and outputs then, as in Wasabi 1.0. That will definitely help, because we will confuse chain analysis even more. Why kind of a clown service reuses addresses in both sides in the first place? That will leave them so speechless that they will give up! As you noted already, the service does not choose the addresses, users choose their own addresses: Come on, kayirigi. Get over it, it's clearly the user's fault!
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
January 31, 2024, 09:48:16 PM |
|
Your math is wrong: At 37.5 sats/vbyte, it costs 1163 sats to create a segwitv0 output (31 vbytes) and 1612.5 sats to create a Taproot output (43 vbytes). Smart WabiSabi clients make sure to choose outputs that aren't dust: https://github.com/zkSNACKs/WalletWasabi/issues/10675A segwitv0 output is 31 vbytes, but a witness input is around 68. That's 99 vb, multiplied by 37.5 = 3712.5. Yes, it is less than I wrongly calculated, but it is still waste of money for such a small output. (quoting old soundbites) I'm good at quoting old posts as well: As has been explained to Kruw dozens of times, the change output from Tx0s are sent to a separate account and deliberately segregated from your other UTXOs. There is no way to accidentally include them in a transaction. Any user consolidating their change output as has been done in the transaction he has linked to above is doing so deliberately. I understand that Kruw gets angry when people spend their bitcoin in ways that he personally doesn't approve of, but there is no bug here, just Kruw either being deliberately misleading or simply not understanding what is happening.
As you noted already, the service does not choose the addresses, users choose their own addresses B-b-but, I thought this ethos was unacceptable. I guess I can't argue against someone who takes the stance "Wasting your Bitcoin and ruining your privacy should be allowed." I know, I know... Just another confusion in the name of privacy!
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
January 31, 2024, 10:28:29 PM Last edit: January 31, 2024, 10:44:12 PM by Kruw |
|
A segwitv0 output is 31 vbytes, but a witness input is around 68. That's 99 vb, multiplied by 37.5 = 3712.5. Yes, it is less than I wrongly calculated, but it is still waste of money for such a small output. What do you think of the dust problem in Whirlpool that wastes money for even smaller outputs? https://web.archive.org/web/20231025112756/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/461I'm good at quoting old posts as well: As has been explained to Kruw dozens of times, the change output from Tx0s are sent to a separate account and deliberately segregated from your other UTXOs. There is no way to accidentally include them in a transaction. Any user consolidating their change output as has been done in the transaction he has linked to above is doing so deliberately. I understand that Kruw gets angry when people spend their bitcoin in ways that he personally doesn't approve of, but there is no bug here, just Kruw either being deliberately misleading or simply not understanding what is happening.
Using a different derivation path for the change output didn't stop those Whirlpool addresses from being linked together. Furthermore, I showed the proof of how I linked postmix Whirlpool outputs to the premix transaction that generated it, which no one ever addressed at all: The first is the fee to Whirlpool itself, which is a flat fee depending on the pool you are joining.
The flat pool entry fee structure is designed to incentivize worst privacy practices. Since fees are not collected directly based on volume, it is cheaper to participate in a smaller pool and create more outputs than participate in a larger pool and create less outputs. Additionally, it incentivizes revealing common inputs ownership of premix UTXOs since it is cheaper to consolidate them to enter the pool once than to enter the pool with each UTXO individually. Samourai has never explained why they purposely chose a fee structure that heavily penalizes the most private usage of their protocol. Because of this backwards design, you can easily link premix inputs to postmix outputs in many cases. Notice how this Whirlpool tx0 premix creates 70 outputs for 0.05 BTC - https://mempool.space/tx/63679c9ec82f246811acbab0c04cc0fc77ba050e1b6c23661d78afcfc13cf8aaNotice how every single input of this Whirlpool exit transaction is a direct descendant of rounds created by the aforementioned premix transaction: https://mempool.space/tx/ce2f84f7c5ff74fb1da103acb7b279bd34f02f5e9e3a2e1b6417ce8b9b7392dbWhen many inputs used in the postmix exit transaction are created directly from a round that the premix transaction entered, it makes it trivial to trace the user through Whirlpool. Fortunately, the user abandoned Whirlpool and upgraded to using the WabiSabi coinjoin protocol instead, which made him completely untraceable: https://mempool.space/address/bc1qjjw5gaglkycu2lm5fskl7qhktk0hec4a5me3daAs you noted already, the service does not choose the addresses, users choose their own addresses B-b-but, I thought this ethos was unacceptable. I guess I can't argue against someone who takes the stance "Wasting your Bitcoin and ruining your privacy should be allowed." I know, I know... Just another confusion in the name of privacy! Okay, since you seem to think there's a problem, what is the solution to the problem you are describing? How should the coinjoin protocol be changed?
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
February 01, 2024, 09:30:39 AM |
|
You have already received your reply. Users are free to mess with their privacy and money. The client should not recommend them to do so, but if they nonetheless want to create dust outputs, they are free to do so. In the given transaction, it is clear that this was a conscious choice made by the user. Using a different derivation path for the change output didn't stop those Whirlpool addresses from being linked together. ... yes? That's because spending your received coins and change together is generally considered a feature? Furthermore, I showed the proof of how I linked postmix Whirlpool outputs to the premix transaction that generated it, which no one ever addressed at all You showed proof of a Whirlpool user consolidating the many post-mix outputs into one, which agrees with my initial statement that the user is free to mess up with their privacy. If you use Whirlpool in Sparrow wallet, trying to consolidating all these will warn you that it will appear as a self-transfer, and instead will suggest you into adding a mix partner. Okay, since you seem to think there's a problem, what is the solution to the problem you are describing? How should the coinjoin protocol be changed?
I don't think there's a problem with the user consciously deciding to harm their privacy and pocket. I think the problem lies with software that harms the user's privacy without them knowing.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
February 01, 2024, 11:13:38 AM |
|
You have already received your reply. Users are free to mess with their privacy and money. The client should not recommend them to do so, but if they nonetheless want to create dust outputs, they are free to do so. In the given transaction, it is clear that this was a conscious choice made by the user. They don't want to create change outputs though because the change addresses in Whirlpool are completely traceable: change can't be spent without linking your transactions together. These 305 sat and 933 sat Whirlpool outputs are in addresses 100% deterministically linked to the original owner, whereas the 5000 and 6561 sat outputs from WabiSabi are spendable because they are completely anonymous. ... yes? That's because spending your received coins and change together is generally considered a feature? Spending received coins and Whirlpool change together links those two transactions together. This isn't a feature, it's an unavoidable privacy leak. You showed proof of a Whirlpool user consolidating the many post-mix outputs into one, which agrees with my initial statement that the user is free to mess up with their privacy. If you use Whirlpool in Sparrow wallet, trying to consolidating all these will warn you that it will appear as a self-transfer, and instead will suggest you into adding a mix partner. So you think the Whirlpool user should consolidate their postmix outputs within a WabiSabi coinjoin to add mix partners? Makes sense. I don't think there's a problem with the user consciously deciding to harm their privacy and pocket. I think the problem lies with software that harms the user's privacy without them knowing.
If a user chooses to reuse a receive address for multiple payments, that's a conscious choice, not a problem with the software. For example, this Whirlpool user combined his traceable premix change output with his postmix outputs that were sent to a reused address: Whirlpool premix transaction: https://mempool.space/tx/f7e015cc5f84517e45c107e3c8385b49f6f5a1196ef87fe84f495754272387f5Whirlpool traceable change address: bc1q86n54k0f6gadrkhdsdut9r6ej3d8j68udrxggs Whirlpool postmix outputs in reused address merged with traceable change: https://mempool.space/tx/983c459268435613fa8a19eebb7d80afae76f684ca5a2481877b37a41aab5e5a
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
February 01, 2024, 12:18:46 PM |
|
They don't want to create change outputs though because the change addresses in Whirlpool are completely traceable: change can't be spent without linking your transactions together. These 305 sat and 933 sat Whirlpool outputs are in addresses 100% deterministically linked to the original owner, whereas the 5000 and 6561 sat outputs from WabiSabi are spendable because they are completely anonymous. And it is the user's fault to consolidate badbank change with private coins. Change should be spent with other change, and not with private coins, which is the reason why Sparrow doesn't even allow you to mess that up, unless you deliberately combine them in a separate transaction. Spending received coins and Whirlpool change together links those two transactions together. This isn't a feature, it's an unavoidable privacy leak It is very avoidable. You simply choose to never combine change and private coins in one transaction. So you think the Whirlpool user should consolidate their postmix outputs within a WabiSabi coinjoin to add mix partners? Makes sense. The Whirlpool user can gather change, and once the amount is sufficient, send them over to Whirlpool. If a user chooses to reuse a receive address for multiple payments, that's a conscious choice, not a problem with the software. Good, so we agree. The problem with Wasabi 1.0 was that it reused addresses in both sides, which is 100% a software problem. The problem with WabiSabi coinjoins is the same as with consolidating Whirlpool private coins without a mix partner; input / output merges, which possibly belong to the same wallet. WabiSabi coinjoins contain lots of them. Have you checked the kycp.org link?
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
February 01, 2024, 01:05:10 PM Last edit: February 01, 2024, 01:29:25 PM by Kruw |
|
And it is the user's fault to consolidate badbank change with private coins. Change should be spent with other change, and not with private coins, which is the reason why Sparrow doesn't even allow you to mess that up, unless you deliberately combine them in a separate transaction.
It is very avoidable. You simply choose to never combine change and private coins in one transaction. Whirlpool change should ABSOLUTELY NOT BE SPENT with other change because it will link both payments that created those change outputs together. Satoshi identified this common input heuristic in the Bitcoin whitepaper: As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner. The Whirlpool user can gather change, and once the amount is sufficient, send them over to Whirlpool. You don't seem to understand, This user already Whirlpooled his coins and he was traced anyways:Here's the user's Whirlpool premix transaction: https://mempool.space/tx/63679c9ec82f246811acbab0c04cc0fc77ba050e1b6c23661d78afcfc13cf8aaHere's the Whirlpool postmix transaction where the user was tracked: https://mempool.space/tx/ce2f84f7c5ff74fb1da103acb7b279bd34f02f5e9e3a2e1b6417ce8b9b7392dbGood, so we agree. The problem with Wasabi 1.0 was that it reused addresses in both sides, which is 100% a software problem. It's not a "software problem": Can you explain how to fix this "software problem" of an address being reused on both sides of a coinjoin?Alice registers an input from bc1qalice Bob registers an input from bc1qbob Alice registers an output to bc1qanonalice Bob registers an output to bc1qalice Alice's address is being reused on the input side and the output side of the coinjoin. Clearly, Alice would want to sign this coinjoin transaction if it pays both bc1qalice and bc1qanonalice since she's getting more money than she expected initially. Can you explain how Alice receiving extra money would be a "software problem"? The problem with WabiSabi coinjoins is the same as with consolidating Whirlpool private coins without a mix partner; input / output merges, which possibly belong to the same wallet.
WabiSabi does not share Whirlpool's problem because you can send payments directly to its destination in the WabiSabi coinjoin itself without revealing multiple inputs belong to the same wallet. WabiSabi coinjoins contain lots of them. Have you checked the kycp.org link?
Yes, I already educated you how kycp has identified the remixing that WabiSabi users participate that massively increases their privacy: Where's the flaw? All those outputs are private.
There are 262 input and 294 output collaborators That's called "remixing", those 262 inputs and 294 outputs gained even more privacy by participating in multiple coinjoin transactions. It's not a flaw, it's an advantage, because someone trying to track the flow of someone's coins now have to consider inputs from previous transactions and spends from future transactions.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
February 01, 2024, 01:28:49 PM |
|
Whirlpool change should ABSOLUTELY NOT BE SPENT with other change because it will link both payments that created those change outputs together. Unless the user approves linking the outputs together. Sure, generally speaking it is a bad practice, because you reveal common ownership, but if you mix regularly and receive coins from a specific source, then consolidating toxic change with other toxic change might be acceptable by the user. You don't seem to understand, This user already Whirlpooled his coins and he was traced anyways The user chose to consolidate a dozen private coins into one. I agree it was a very bad practice, but it is not Whirlpool's fault. It's not a software problem: Can you explain how to fix this "software problem" of an address being reused on both sides of a coinjoin? Yes, do not allow the coordinator to accept creating outputs with the same addresses as the inputs. Alice registers an input from bc1qalice Bob registers an input from bc1qbob Alice registers an output to bc1qanonalice Bob registers an output to bc1qalice Why would Bob pay another input of the coinjoin? WabiSabi does not share Whirlpool's problem of revealing input consolidation in payments because you can send payments directly to its destination in the coinjoin itself. WabiSabi coinjoins literally have identifiable input and output merges, which I agree that they happen on multiple coinjoins that obscure the ownership, but reveal quite a lot of information. See kycp.org/#about on input / output collaborations and merges.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
February 01, 2024, 01:57:40 PM Last edit: February 01, 2024, 02:28:17 PM by Kruw |
|
Unless the user approves linking the outputs together. Sure, generally speaking it is a bad practice, because you reveal common ownership, but if you mix regularly and receive coins from a specific source, then consolidating toxic change with other toxic change might be acceptable by the user. What should users do with their Whirlpool change since they can't spend it to anyone besides the specific source who originally sent them the coins in the first place? The user chose to consolidate a dozen private coins into one. I agree it was a very bad practice, but it is not Whirlpool's fault. It is Whirlpool's fault because Whirlpool doesn't allow you to consolidate your coins privately like WabiSabi enables. Yes, do not allow the coordinator to accept creating outputs with the same addresses as the inputs. Why would Bob pay another input of the coinjoin? Your solution would allow Bob to DoS the coinjoin coordinator by choosing an output address that matches one of the input addresses. WabiSabi coinjoins literally have identifiable input and output merges, which I agree that they happen on multiple coinjoins that obscure the ownership, but reveal quite a lot of information. See kycp.org/#about on input / output collaborations and merges. What information was revealed from the 262 input collaborators and 294 output collaborators in the WabiSabi coinjoin you linked? https://kycp.org/#/710d395ca20709096a0778927cb960a466be675b188a234b9b52ffb88bb97a3e
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
February 01, 2024, 03:03:28 PM |
|
What should users do with their Whirlpool change since they can't spend it to anyone besides the specific source who originally sent them the coins in the first place? Personally, I combine toxic change with other toxic change where lack of privacy is minimum. I don't use it that much anymore though, because Monero is simply superior than both of you. There is an entire article on what to do with toxic changes, though: https://bitcoiner.guide/doxxic/. It is Whirlpool's fault because Whirlpool doesn't allow you to consolidate your coins privately like WabiSabi enables. It has been said multiple times already that it allows you to consolidate them with a mix partner. At this point, you're just repeating the same soundbites. WabiSabi != Whirlpool, so yeah, it doesn't allow you to consolidate just as WabiSabi does. Your solution would allow Bob to DoS the coinjoin coordinator by choosing an output address that matches one of the input addresses. No. The coordinator would simply refuse to work on a coinjoin where outputs contain addresses from inputs, just as you've programmed it to refuse "naughty" coins. Nothing is provably revealed, in the sense that I can be 100% sure to ownership identification, just as if I send all of my coins to a single address, you can't tell if it was self-transfer or I spent them to a merchant. But, privacy is about possibilities, and input / output collaborations and merges only worsen uncertainty. There is an entire analysis technique called Boltzmann score that computes resistance to this potential linking. WabiSabi coinjoin is worse in that matter, as it appears in kycp.org.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Kruw (OP)
Member
Offline
Activity: 392
Merit: 97
assumevalid=0 and mempoolfullrbf=1
|
|
February 01, 2024, 03:38:59 PM Last edit: February 01, 2024, 04:04:38 PM by Kruw |
|
Personally, I combine toxic change with other toxic change where lack of privacy is minimum. Why not use WabiSabi instead of Whirlpool so you don't have toxic change and have no lack of privacy at all? It has been said multiple times already that it allows you to consolidate them with a mix partner. At this point, you're just repeating the same soundbites. WabiSabi != Whirlpool, so yeah, it doesn't allow you to consolidate just as WabiSabi does. You can't consolidate UTXOs in a Whirlpool coinjoin, there are always an equal amount of inputs and outputs. No. The coordinator would simply refuse to work on a coinjoin where outputs contain addresses from inputs, just as you've programmed it to refuse "naughty" coins. Having the coordinator ban Alice because Bob registered an output to her input address doesn't solve the DoS issue. Nothing is provably revealed, in the sense that I can be 100% sure to ownership identification, just as if I send all of my coins to a single address, you can't tell if it was self-transfer or I spent them to a merchant. But, privacy is about possibilities, and input / output collaborations and merges only worsen uncertainty. What possibilities were eliminated by the 262 input collaborators and 294 output collaborators in the WabiSabi coinjoin you linked? https://kycp.org/#/710d395ca20709096a0778927cb960a466be675b188a234b9b52ffb88bb97a3eYou claimed before that these input and output merges are "literally identifiable" but you are literally unable to identify any additional information presented at all from these merges taking place. There is an entire analysis technique called Boltzmann score that computes resistance to this potential linking. WabiSabi coinjoin is worse in that matter, as it appears in kycp.org. It says "no Boltzmann available" for WabiSabi coinjoins on kycp.org.
|
|
|
|
|