Congrats on the AgoristRadio program. For general economies of scale, it's good to see the two main laundries converge. I have a question about Bitcoin Laundry and server logs so apologies if this has already been discussed and answered elsewhere (I couldn't find it). What is your company's policy on server logs and client confidentiality?
Also, what is your opinion of the approach by https://blindbitcoin.com/security.html
Hi Jon. Thanks, and nice to hear from you.
bitcoinlaundry.com in its current incarnation will probably just go away and become a redirect to app.bitlaundry.com, which is a much more robust system, so I'll talk about logging in the latter.
BitLaundry runs on Google Appengine (for now), and uses two datastore tables: schemes and sends. A user comes to the site, enters destination addresses and schedule information, and then confirms. That creates a record in the schemes table, which then waits for Bitcoins to arrive. When a payment arrives to an address associated with a scheme, the application then creates send records according to the schedule, and deletes the scheme record. As each send is processed (periodically via a cron job), the send records are deleted.
Whereas bitcoinlaundry.com uses some account-labeling code as the equivalent of a scheme database, and thus the app's wallet at least is transiently aware of the entire scheme, the BitLaundry wallet knows nothing, and simply processes receives and sends as it's ordered to.
Since BitLaundry is still in (light) development mode, there is one exception to be aware of. Whenever a scheme is created, a payment is received or a send is conducted, Appengine sends me some XMPP debugging information. For now, I log this locally on my home PC both in order to track the app's activity and to be able to respond appropriately to any bugs.
At some point I'm going to move BitLaundry off of Google entirely and on to a VPS in a favorable jurisdiction where I can also link the application into TOR and I2P. The target then will be zero logging except for the transient database entries necessary to manage schemes and sends.
As for myself, if guys with guns turn up at the door demanding the app's wallet's transaction and account data, they can have it. It won't show them any more than the Block Explorer site would anyway. Aside from that, BitLaundry collects no personal information, sends no email, and I don't talk about its usage other than in the abstract.
The blind bitcoin site sure looks interesting after a cursory reading. I'll dig into that some more; it's also a nice approach.