Bitcoin Forum
November 23, 2017, 07:23:38 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 7 8 9 10 [All]
  Print  
Author Topic: [ANNOUNCE] TORwallet - anonymous mixing wallet service  (Read 29104 times)
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 13, 2012, 06:30:43 PM
 #1

Mod note: probable scam.


We are proud to announce the opening of TORwallet. After weeks of development and testing we are ready to open to the public.

We operate virtually identically to instawallet, except for the fact that we are only accessible over Tor and our service is designed to mix coins as it is used. The more users we have, the more anonymous withdrawn coins will be.

For a small fee, users can request to have all coins on TORwallet sent to the same address in a single transaction, mixing them so that it becomes impossible to tell which input a withdraw comes from.

You probably want to know why you should trust us. Our answer is don't. Only deposit as many coins as you are willing to lose while we build trust in the community.

http://nci2szjrwjqw2zbi.onion/

http://torwallet.net/

Code:
SHA1 Fingerprint:

6B:81:E3:55:B7:F7:B6:71:33:CA:5C:20:73:7D:18:A4:A1:4i0:D0:B1

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
1511465018
Hero Member
*
Offline Offline

Posts: 1511465018

View Profile Personal Message (Offline)

Ignore
1511465018
Reply with quote  #2

1511465018
Report to moderator
Daily Anarchist
Hero Member
*****
Offline Offline

Activity: 615



View Profile WWW
June 13, 2012, 06:58:39 PM
 #2

Very nice! Thank you for creating this. If I were starting any sort of new Bitcoin venture, it would likely be Tor accessible only. We really need to migrate to Onionland, IMO.

Discover anarcho-capitalism today!
Garr255
Legendary
*
Offline Offline

Activity: 952


What's a GPU?


View Profile
June 13, 2012, 07:00:02 PM
 #3

Very nice! Thank you for creating this. If I were starting any sort of new Bitcoin venture, it would likely be Tor accessible only. We really need to migrate to Onionland, IMO.

If we're legal and COM/ORG/NET land doesn't have a problem, then why?

“First they ignore you, then they laugh at you, then they fight you, then you win.”  -- Mahatma Gandhi

Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!
Daily Anarchist
Hero Member
*****
Offline Offline

Activity: 615



View Profile WWW
June 13, 2012, 07:01:32 PM
 #4

Very nice! Thank you for creating this. If I were starting any sort of new Bitcoin venture, it would likely be Tor accessible only. We really need to migrate to Onionland, IMO.

If we're legal and COM/ORG/NET land doesn't have a problem, then why?

Because we won't be legal forever. I'd be willing to bet cash money FedGov attacks Bitcoin within 3-5 years.

Discover anarcho-capitalism today!
Gabi
Legendary
*
Offline Offline

Activity: 1078


If you want to walk on water, get out of the boat


View Profile
June 13, 2012, 07:02:32 PM
 #5

Why not? If you are legal you have no problem being o ntor  Cheesy
Daily Anarchist
Hero Member
*****
Offline Offline

Activity: 615



View Profile WWW
June 13, 2012, 07:04:53 PM
 #6

I know Tor people get pissy about this sometimes. Perhaps a recommendation would be switching the name to TorWallet instead of TORwallet.

Discover anarcho-capitalism today!
dancingnancy
Hero Member
*****
Offline Offline

Activity: 588



View Profile
June 13, 2012, 07:13:05 PM
 #7

Interesting.

So, just to make sure I am getting this right.  When you go to the link you provided, the link that actually pops up in the URL bar is now "your" personal URL/wallet?  I have never used instawallet before, this looks pretty cool.  

The part I don't understand fully though is the mixing part.  It says they are mixed everyday regardless on the website?  So you would only pay extra if you wanted your coins "washed" immediately or something?

If you don't mind me asking, how do you plan on generating profit from this?  




                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄███▀
 ▀███▄▄     ▄█▀                ▀█▄▄█████▀
  ▀██████▄▄█▀                ▄▄███████▀
   ▐█████████▄           ▄▄███████████
     ▀█████████▄▄      ▄█████████████
       ▀██████████    ███████████████
        ▐▀█████████  █████████████▀ ▐▌
        ▐▌ ▀▀██████ ▐███████████▀   ▐▌
        ▐▌      ▀██ ▐█████████▀     ▐▌
         █        ▀  ██████         █
         ▐█          ▐█████▄       █▌
          ▀█▄         ▀██████▄   ▄█▀
            ▀█▄         ▀█████▌▄█▀
              ▀██▄▄       ▀▄▄██▀
                ▀▀████████▀▀
T
....ANGEL TOKEN....


                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄█▀█▀ 
 ▀█▀█▄▄     ▄█▀                ▀█▄▄█  ▄█▀ 
  ▀█  ▀▀█▄▄█▀                ▄▄██░   █▀   
   ▐▄▄  ░░░▀█▄           ▄▄█▀▀░░░   ▄█     
     ▀█▄ ░░░▒▒█▄▄      ▄██▒▒▒▒▒░    █     
       ▀▄▄ ░░▒▒▒▓█    ██▒▒▒▒▒▒░   ▄▄█     
        ▐▀█▄░░▒▒▓██  █▓▒▒▒▒▒▒░  ▄█▀ ▐▌     
        ▐▌ ▀▀█▒▓███░▐█▓▒▒▒▒░░ ▄█▀   ▐▌     
        ▐▌      ▀██ ▐█▓▓▒▒▄▄▄█▀     ▐▌     
         █        ▀  █▓█▀▀█         █     
         ▐█          ▐▄▓░ █▄       █▌     
          ▀█▄         ▀█▒░ ▀█▄   ▄█▀       
            ▀█▄         ▀█▄▄▄█▌▄█▀         
              ▀██▄▄       ▀▄▄██▀           
                 ▀▀████████▀▀             

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 13, 2012, 07:20:54 PM
 #8

Interesting.

So, just to make sure I am getting this right.  When you go to the link you provided, the link that actually pops up in the URL bar is now "your" personal URL/wallet?  I have never used instawallet before, this looks pretty cool.  

The part I don't understand fully though is the mixing part.  It says they are mixed everyday regardless on the website?  So you would only pay extra if you wanted your coins "washed" immediately or something?

If you don't mind me asking, how do you plan on generating profit from this?  


The mixing fees. We are currently doing it manually and paying our own fee, this is temporary. We've update the site to clarify this.

------------

Bitcoin is legal in COM/NET/ORG, but mixing them is probably not or will not be, hence the requirement to use tor.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
dancingnancy
Hero Member
*****
Offline Offline

Activity: 588



View Profile
June 13, 2012, 07:35:43 PM
 #9

Interesting.

So, just to make sure I am getting this right.  When you go to the link you provided, the link that actually pops up in the URL bar is now "your" personal URL/wallet?  I have never used instawallet before, this looks pretty cool. 

The part I don't understand fully though is the mixing part.  It says they are mixed everyday regardless on the website?  So you would only pay extra if you wanted your coins "washed" immediately or something?

If you don't mind me asking, how do you plan on generating profit from this? 


The mixing fees. We are currently doing it manually and paying our own fee, this is temporary. We've update the site to clarify this.


OK.  Makes sense.  So, I haven't been in the BTC community for long, I probably have some dumb questions.

a)  Since the user doesn't have control of the wallet.dat file, where is this thing actually located?  Like for instance, can your website just shut down and then the user doesn't have access to funds?  Kind of like what happened w/Bitcoinica?

b)  Knowing this, are our deposits (any portion) going into any type of risk associated assets?  Like for instance, you are only keeping 80% of users capital on site, then using the other 20% for proprietary purposes?

c)  If this is the case, then shouldn't users be paid interest on deposits? 

d)  Sorry, that is why I wondered how you planned on generating profit.  If it is solely through bitcoin mixing and you have enough users I guess that would make sense.  I am really more concerned though about the first couple points, but maybe I don't fully understand the process.

Thanks.



                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄███▀
 ▀███▄▄     ▄█▀                ▀█▄▄█████▀
  ▀██████▄▄█▀                ▄▄███████▀
   ▐█████████▄           ▄▄███████████
     ▀█████████▄▄      ▄█████████████
       ▀██████████    ███████████████
        ▐▀█████████  █████████████▀ ▐▌
        ▐▌ ▀▀██████ ▐███████████▀   ▐▌
        ▐▌      ▀██ ▐█████████▀     ▐▌
         █        ▀  ██████         █
         ▐█          ▐█████▄       █▌
          ▀█▄         ▀██████▄   ▄█▀
            ▀█▄         ▀█████▌▄█▀
              ▀██▄▄       ▀▄▄██▀
                ▀▀████████▀▀
T
....ANGEL TOKEN....


                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄█▀█▀ 
 ▀█▀█▄▄     ▄█▀                ▀█▄▄█  ▄█▀ 
  ▀█  ▀▀█▄▄█▀                ▄▄██░   █▀   
   ▐▄▄  ░░░▀█▄           ▄▄█▀▀░░░   ▄█     
     ▀█▄ ░░░▒▒█▄▄      ▄██▒▒▒▒▒░    █     
       ▀▄▄ ░░▒▒▒▓█    ██▒▒▒▒▒▒░   ▄▄█     
        ▐▀█▄░░▒▒▓██  █▓▒▒▒▒▒▒░  ▄█▀ ▐▌     
        ▐▌ ▀▀█▒▓███░▐█▓▒▒▒▒░░ ▄█▀   ▐▌     
        ▐▌      ▀██ ▐█▓▓▒▒▄▄▄█▀     ▐▌     
         █        ▀  █▓█▀▀█         █     
         ▐█          ▐▄▓░ █▄       █▌     
          ▀█▄         ▀█▒░ ▀█▄   ▄█▀       
            ▀█▄         ▀█▄▄▄█▌▄█▀         
              ▀██▄▄       ▀▄▄██▀           
                 ▀▀████████▀▀             

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 13, 2012, 07:43:32 PM
 #10

Interesting.

So, just to make sure I am getting this right.  When you go to the link you provided, the link that actually pops up in the URL bar is now "your" personal URL/wallet?  I have never used instawallet before, this looks pretty cool. 

The part I don't understand fully though is the mixing part.  It says they are mixed everyday regardless on the website?  So you would only pay extra if you wanted your coins "washed" immediately or something?

If you don't mind me asking, how do you plan on generating profit from this? 


The mixing fees. We are currently doing it manually and paying our own fee, this is temporary. We've update the site to clarify this.


OK.  Makes sense.  So, I haven't been in the BTC community for long, I probably have some dumb questions.

a)  Since the user doesn't have control of the wallet.dat file, where is this thing actually located?  Like for instance, can your website just shut down and then the user doesn't have access to funds?  Kind of like what happened w/Bitcoinica?

b)  Knowing this, are our deposits (any portion) going into any type of risk associated assets?  Like for instance, you are only keeping 80% of users capital on site, then using the other 20% for proprietary purposes?

c)  If this is the case, then shouldn't users be paid interest on deposits? 

d)  Sorry, that is why I wondered how you planned on generating profit.  If it is solely through bitcoin mixing and you have enough users I guess that would make sense.  I am really more concerned though about the first couple points, but maybe I don't fully understand the process.

Thanks.


a) It is kept on our server, this is necessary for any mixing service because we need to move the coins in order to mix them. Operating through tor also reduces out risk of hacking, since the only access anyone has to the server is through port 80.

b) No customer coins will ever leave the wallet.

c) n/a

d) Profits are through mixing alone.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Polvos
Hero Member
*****
Offline Offline

Activity: 597



View Profile
June 13, 2012, 07:45:48 PM
 #11

I have two questions:

- ¿How are you supposed to laundry bitcoins if only tainted coins owners use your service?
- If you want to mix coins: why perfectly clear bitcoins users should use your service?

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 13, 2012, 07:54:27 PM
 #12

I have two questions:

- ¿How are you supposed to laundry bitcoins if only tainted coins owners use your service?
- If you want to mix coins: why perfectly clear bitcoins users should use your service?

It provides a complete disconnect between the input coins and output coins. Anyone tracing coins will not be able to tell where any particular coin went or came from, only that you used our service.

We will be manually inserting clean coins and mixing "dirty" ones through other wallet services. Automation is planned but we have not completed our risk analysis yet.

Clean users are welcome to use our service, it is a easy to use and convenient, and we welcome access through tor2web. I personally like my privacy and always mix my coins regardless of where I'm sending them.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Foxpup
Legendary
*
Offline Offline

Activity: 2016



View Profile
June 13, 2012, 08:11:43 PM
 #13

I have two questions:

- ¿How are you supposed to laundry bitcoins if only tainted coins owners use your service?
- If you want to mix coins: why perfectly clear bitcoins users should use your service?

Because "If you've done nothing wrong, you've got nothing to hide" is a load of BS. Do you really want your boss (who pays you in bitcoins because we're imagining a hypothetical future in which bitcoins are mainstream) finding out that you're spending your paycheck on porn? Is that the sort of future you really want?

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
mb300sd
Legendary
*
Offline Offline

Activity: 1260

Drunk Posts


View Profile WWW
June 14, 2012, 02:07:47 AM
 #14

I'll use it with a couple BTC.. sounds interesting at least.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 14, 2012, 05:25:57 AM
 #15

I tried this and it is absolutely awesome! The 3% fee for mixing coins is reasonable too. You send coins to the deposit address provided, then you save the address and can send the coins wherever you like, or mix them for a fee. (FYI: 3% of 16.667 BTC = .5 BTC, the minimum mixing fee.)

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2436



View Profile
June 14, 2012, 05:39:22 AM
 #16

I have two questions:

- ¿How are you supposed to laundry bitcoins if only tainted coins owners use your service?
- If you want to mix coins: why perfectly clear bitcoins users should use your service?

Because "If you've done nothing wrong, you've got nothing to hide" is a load of BS. Do you really want your boss (who pays you in bitcoins because we're imagining a hypothetical future in which bitcoins are mainstream) finding out that you're spending your paycheck on porn? Is that the sort of future you really want?

If you've done nothing wrong they've got no reason to look .... is the obvious corollary to the old statist chestnut ... and the antidote of course.

Presumption of innocence .... was the basis of all common law until he present era of big, fat, nosey state, we are all criminals now under the presumption of guilt doctrine.

Akemashite Omedetou
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 14, 2012, 09:18:32 AM
 #17

Just wanted to point out that we've been operating a similar service for about 7 months now, with the focus on the security, we haven't had a single breach of security, our fees are around 2% (1%-3% randomized, to increase obscurity), and we have a solid user base and thousands of bitcoins going through every day, and volume means a lot in an anonymization service.
www.bitcoinfog.com (a freenet page with some information)
http://fogcore5n3ov3tui.onion (the address you must use, only accessible through Tor)
https://bitcointalk.org/index.php?topic=50037.0 (main discussion topic)

But hey, competition is always good for users, new features get developed faster Wink

Bitcoin Fog: Secure Bitcoin Anonymization

---
Creedy: Die! Die! Why won't you die?... Why won't you die?
V: Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof.
Polvos
Hero Member
*****
Offline Offline

Activity: 597



View Profile
June 14, 2012, 09:38:14 AM
 #18

I have two questions:

- ¿How are you supposed to laundry bitcoins if only tainted coins owners use your service?
- If you want to mix coins: why perfectly clear bitcoins users should use your service?

Because "If you've done nothing wrong, you've got nothing to hide" is a load of BS. Do you really want your boss (who pays you in bitcoins because we're imagining a hypothetical future in which bitcoins are mainstream) finding out that you're spending your paycheck on porn? Is that the sort of future you really want?

Hey, hey, I'm with you. I'm a libertarian. But what I'd like to mark with my questions is the absolutely need of a fee-coin-melting miner in a serious laundry service .

In my opinion the fee-melting is the only way to get your coins laundered. The first one I heard about the melting service was Death and Taxes. He could explain it better. I'm only a loyal devote of the idea.

kangasbros
Hero Member
*****
Offline Offline

Activity: 812



View Profile
June 14, 2012, 01:27:11 PM
 #19

I don't see the reasons why people use mixing services, and pay a hefty fee:

- Almost all exchanges tumble their coins to my knowledge
- Almost all web services tumble their coins (this is just easiest way to implement a service, one wallet for all users).
- Silk Road tumbles their coins, etc.
- etc etc

So why pay for laundrying? Laundry service probably provides you coins that someone else wanted to launder previously. So I see no difference to actually just depositing your coins to some random web service, and then withdrawing them after a while. Usually it is fraction of the cost.

Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
June 14, 2012, 01:35:30 PM
 #20

Just wanted to point out that we've been operating a similar service for about 7 months now, with the focus on the security, we haven't had a single breach of security, our fees are around 2% (1%-3% randomized, to increase obscurity), and we have a solid user base and thousands of bitcoins going through every day, and volume means a lot in an anonymization service.
www.bitcoinfog.com (a freenet page with some information)
http://fogcore5n3ov3tui.onion (the address you must use, only accessible through Tor)
https://bitcointalk.org/index.php?topic=50037.0 (main discussion topic)

But hey, competition is always good for users, new features get developed faster Wink

Its not too kind to advertise ones own, basically identical service in a competitor's thread, you know?
It would be very kind, however, if said person offered a strategic alliance to exchange and mix coins, so both services and all users gain. ;-)

Ente
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106



View Profile
June 14, 2012, 01:36:44 PM
 #21

Very nice! Thank you for creating this. If I were starting any sort of new Bitcoin venture, it would likely be Tor accessible only. We really need to migrate to Onionland, IMO.

If we're legal and COM/ORG/NET land doesn't have a problem, then why?

Because we won't be legal forever. I'd be willing to bet cash money FedGov attacks Bitcoin within 3-5 years.

Unless the FedGov is insolvent in the next 3-5 years. They won't have a lot of money if their "notes" become worthless.

If people keep coming up with great services like this, it'll be too hard for the Fed to go after them all anyway.
Akemashite Omedetou
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 14, 2012, 01:38:23 PM
 #22

Quote
So why pay for laundrying? Laundry service probably provides you coins that someone else wanted to launder previously. So I see no difference to actually just depositing your coins to some random web service, and then withdrawing them after a while. Usually it is fraction of the cost.

Well because you don't actually KNOW that the service is going to launder your coins.
And because all "normal" services can and do keep logs of usernames/ip addresses linked to deposits.
Should the time come, the police won't try to guess what happened from the block chain, they will simply come to the service and ask for the information from the logs, which any legitimate service will provide because they don't want any problems with the law.
They are also much easier to find and contact for the authorities than an anonymous-good-luck-to-find tor hidden service.

Bitcoin Fog: Secure Bitcoin Anonymization

---
Creedy: Die! Die! Why won't you die?... Why won't you die?
V: Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof.
Deafboy
Hero Member
*****
Offline Offline

Activity: 484



View Profile WWW
June 14, 2012, 01:45:05 PM
 #23

Quote
Its not too kind to advertise ones own, basically identical service in a competitor's thread
From the users point of view this is awsome. You have list of launderies (or other services) in one place Tongue

Like the feature on online shops "Customers who buy this item also buy these..."
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 14, 2012, 02:29:33 PM
 #24

Site hosted on TOR ? Trying to collect BTC to "launder" them...
Sounds legit. Sounds like it could disappear any minute without customers having any recourse.

Protip : if you want to launder coins, mix them with *clean* coins, not other tainted coins Wink
And use a service that has enough coins in its shared wallet fot it to actually work.

tgmarks
Donator
Hero Member
*
Offline Offline

Activity: 490


View Profile
June 14, 2012, 05:05:11 PM
 #25

I'm glad to see another service in this area.  I haven't used one yet, but another step towards the ability of anonymity is always welcome.

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 14, 2012, 06:11:51 PM
 #26

Just wanted to point out that we've been operating a similar service for about 7 months now, with the focus on the security, we haven't had a single breach of security, our fees are around 2% (1%-3% randomized, to increase obscurity), and we have a solid user base and thousands of bitcoins going through every day, and volume means a lot in an anonymization service.
www.bitcoinfog.com (a freenet page with some information)
http://fogcore5n3ov3tui.onion (the address you must use, only accessible through Tor)
https://bitcointalk.org/index.php?topic=50037.0 (main discussion topic)

But hey, competition is always good for users, new features get developed faster Wink

I would appreciate it if you didn't advertise in our announcement thread.

However, we do have a couple advantages. We use a different mixing method, that allows instant mixing, by sending all coins to a single address in a single transaction. Its a bit more convenient since there is no need to create an account and faster. If you leave your coins on the service long enough, they are likely to be mixed for free when someone else mixes theirs.

I don't see the reasons why people use mixing services, and pay a hefty fee:

- Almost all exchanges tumble their coins to my knowledge
- Almost all web services tumble their coins (this is just easiest way to implement a service, one wallet for all users).
- Silk Road tumbles their coins, etc.
- etc etc

So why pay for laundrying? Laundry service probably provides you coins that someone else wanted to launder previously. So I see no difference to actually just depositing your coins to some random web service, and then withdrawing them after a while. Usually it is fraction of the cost.

Because any service not on tor probably keeps logs of your IP address, and could be coerced into giving up your information. Anyone wanting to force us to talk would have to find us first.

Site hosted on TOR ? Trying to collect BTC to "launder" them...
Sounds legit. Sounds like it could disappear any minute without customers having any recourse.

Protip : if you want to launder coins, mix them with *clean* coins, not other tainted coins Wink
And use a service that has enough coins in its shared wallet fot it to actually work.

We are working on getting clean coins and a larger pool. As of now, we are manually moving a pool of coins (ours, never customers) in and out, through a number of sites including silk road and instawallet. We are working on automating this process but have to take into account the risk of one of these services taking, freezing or losing our coins.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 14, 2012, 08:01:35 PM
 #27

Because any service not on tor probably keeps logs of your IP address, and could be coerced into giving up your information. Anyone wanting to force us to talk would have to find us first.
Connect to these services through Tor ?

We are working on getting clean coins and a larger pool. As of now, we are manually moving a pool of coins (ours, never customers) in and out, through a number of sites including silk road and instawallet. We are working on automating this process but have to take into account the risk of one of these services taking, freezing or losing our coins.
Moving coins to and from silk road is a quite original way to get clean coins...
Your service is quite irrelevant since going directly to any big shared wallet through Tor pretty much achieves the same thing.

Akemashite Omedetou
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 14, 2012, 08:40:43 PM
 #28

Quote
I would appreciate it if you didn't advertise in our announcement thread.
Sorry, didn't mean to steal your thread or anything. It just seemed only fair and open I could at least inform users about our service, since you have basically copied the exact idea with some small changes, and many users may not know that both services exist. We won't *advertise* anything here anymore of course.

Bitcoin Fog: Secure Bitcoin Anonymization

---
Creedy: Die! Die! Why won't you die?... Why won't you die?
V: Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 14, 2012, 09:56:37 PM
 #29

Because any service not on tor probably keeps logs of your IP address, and could be coerced into giving up your information. Anyone wanting to force us to talk would have to find us first.
Connect to these services through Tor ?

We are working on getting clean coins and a larger pool. As of now, we are manually moving a pool of coins (ours, never customers) in and out, through a number of sites including silk road and instawallet. We are working on automating this process but have to take into account the risk of one of these services taking, freezing or losing our coins.
Moving coins to and from silk road is a quite original way to get clean coins...
Your service is quite irrelevant since going directly to any big shared wallet through Tor pretty much achieves the same thing.


Perhaps sr is not the best example, just a large part of our initial pool of coins. We also use a few exchanges and gambling sites for clean coins, but will not name them to reduce risks of having out accounts suspended.

Using a big service with your own coins does not help. They can still link the inputs to outputs. Since we are using a pool of many people's coins, simply linking the input to output only links us to ourselves, but introduces clean coins into the mix and makes it even more difficult to trace our client's coins. The worst case is that someone tracing can determine you used our service, but mixing with other services increases our pool size and makes this much more difficult.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 15, 2012, 06:20:14 AM
 #30

We apologize to anyone who experienced some strange error messages while accessing the site. We accidentally broke the site for a few minutes while implementing the QR code generation code.

On the upside, you can now scan a qr code with your phone and send directly to torwallet.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 15, 2012, 11:17:16 AM
 #31

Using a big service with your own coins does not help. They can still link the inputs to outputs. Since we are using a pool of many people's coins, simply linking the input to output only links us to ourselves, but introduces clean coins into the mix and makes it even more difficult to trace our client's coins. The worst case is that someone tracing can determine you used our service, but mixing with other services increases our pool size and makes this much more difficult.
I fail to understand how it's different, send coins to Instawallet, withdraw coins half an hour later, you won't get the same coins since it's a shared wallet.
Repeat this step with a second shared wallet, in another country preferably => coins cleaned.
And all this without handing your coins to a onion service that could instantly disappear with all the users funds.

Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
June 15, 2012, 11:28:08 AM
 #32

Using a big service with your own coins does not help. They can still link the inputs to outputs. Since we are using a pool of many people's coins, simply linking the input to output only links us to ourselves, but introduces clean coins into the mix and makes it even more difficult to trace our client's coins. The worst case is that someone tracing can determine you used our service, but mixing with other services increases our pool size and makes this much more difficult.
I fail to understand how it's different, send coins to Instawallet, withdraw coins half an hour later, you won't get the same coins since it's a shared wallet.
Repeat this step with a second shared wallet, in another country preferably => coins cleaned.
And all this without handing your coins to a onion service that could instantly disappear with all the users funds.


..same problem with anonymous surfing: Sure, you can use one regular proxy. You are then anonymous to outsiders. But not to the proxy people, and not to the guys with the rubber hose talking to the proxy people. All right, use two, three, many proxys in a row? It only costs more time and effort to de-anonymize you, thats all. Maybe less than one workday, with scary confidential emails from three letter agencies.
The real solution, of course, is TOR.

And yes, you still have to trust TORwallet to not do something fishy with the logs. I, personally, already trust them more than other services to tumble coins. I will eventually try it out, with small amounts.

edit:
or, see it as a tradeoff:
- Regular services (yohndonym, instawallet): You can be pretty sure they work (and not steal your stuff), and you can be pretty sure they will eventually break (court order, raided servers, rubberhose)
- itself anonymous services (TOR, TORwallet): You will never be sure they will not run, once they have xy Bitcoin collected, or will be a honeypot to begin with (90% TOR nodes from three letter agencies?), but at least it it technically possible for them to not give out data in any event

Ente
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 15, 2012, 03:18:25 PM
 #33

Using a big service with your own coins does not help. They can still link the inputs to outputs. Since we are using a pool of many people's coins, simply linking the input to output only links us to ourselves, but introduces clean coins into the mix and makes it even more difficult to trace our client's coins. The worst case is that someone tracing can determine you used our service, but mixing with other services increases our pool size and makes this much more difficult.
I fail to understand how it's different, send coins to Instawallet, withdraw coins half an hour later, you won't get the same coins since it's a shared wallet.
Repeat this step with a second shared wallet, in another country preferably => coins cleaned.
And all this without handing your coins to a onion service that could instantly disappear with all the users funds.

So are you going to swear to us that you keep no logs of incoming and outgoing transactions? And that you too won't disappear suddenly? Obviously you aren't quite as anonymous as a Tor operator, so you can't bill your service as equivalent in terms of privacy.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 15, 2012, 03:56:40 PM
 #34

So are you going to swear to us that you keep no logs of incoming and outgoing transactions? And that you too won't disappear suddenly? Obviously you aren't quite as anonymous as a Tor operator, so you can't bill your service as equivalent in terms of privacy.
I never said there were no logs kept.

Any incentive to remain honest for a hidden service collecting bitcoins instantly disappears when they see that their customer holdings exceed the revenue they could expect from fees over X years.

Go for it, I'll happily pass.

Serith
Sr. Member
****
Offline Offline

Activity: 269


View Profile
June 15, 2012, 06:49:43 PM
 #35

So are you going to swear to us that you keep no logs of incoming and outgoing transactions? And that you too won't disappear suddenly? Obviously you aren't quite as anonymous as a Tor operator, so you can't bill your service as equivalent in terms of privacy.
I never said there were no logs kept.

Any incentive to remain honest for a hidden service collecting bitcoins instantly disappears when they see that their customer holdings exceed the revenue they could expect from fees over X years.

Go for it, I'll happily pass.

That's a good point, is there a way to exclude a human from the process? Something like open source botnet, that has sole purpose to act as giant mixer.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 15, 2012, 08:15:32 PM
 #36

We assure you that there are no logs of transactions kept whatsoever. HTTP logging is minimal and purged every 6 hours. Our database structure consists of 4 columns, wallet id, address, previous-getreceivedbyaddress, and balance. (and no, those are not the actual column names for you SQL injectors out there)

As for us disappearing, I'm sure the operator of silk road could run right now with 10+ years of profits and virtually eliminate his risk of getting caught by the DEA, but he hasn't.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2436



View Profile
June 15, 2012, 11:33:08 PM
 #37

So are you going to swear to us that you keep no logs of incoming and outgoing transactions? And that you too won't disappear suddenly? Obviously you aren't quite as anonymous as a Tor operator, so you can't bill your service as equivalent in terms of privacy.
I never said there were no logs kept.

Any incentive to remain honest for a hidden service collecting bitcoins instantly disappears when they see that their customer holdings exceed the revenue they could expect from fees over X years.

Go for it, I'll happily pass.

That's a good point, is there a way to exclude a human from the process? Something like open source botnet, that has sole purpose to act as giant mixer.

Done, it's called bitcoin Smiley

evoorhees
Legendary
*
Offline Offline

Activity: 994


Democracy is the original 51% attack


View Profile
June 16, 2012, 01:08:44 AM
 #38

OP - really glad to see this new mixing service! The more the better. I hope you guys realize you can make al ot of money if you stick around and operate honestly. If you steal the coins and the service goes down, you get a short-term payout but lose a huge money making asset and it would be the height of foolishness. So, please stay honest and you will be rewarded with time.

Also, I wonder if anyone is using SatoshiDice to clean coins? The coins sent in are not the same as those sent back, and with a house edge of 1.5% one could consider that a "mixing" fee Wink
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 16, 2012, 03:08:23 AM
 #39

OP - really glad to see this new mixing service! The more the better. I hope you guys realize you can make al ot of money if you stick around and operate honestly. If you steal the coins and the service goes down, you get a short-term payout but lose a huge money making asset and it would be the height of foolishness. So, please stay honest and you will be rewarded with time.

I agree with this. Torwallet could become a gigantic service if you stay honest.

Also, I wonder if anyone is using SatoshiDice to clean coins? The coins sent in are not the same as those sent back, and with a house edge of 1.5% one could consider that a "mixing" fee Wink

Really? I thought the payout of a bet always included the bet transaction as one of its inputs.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
mb300sd
Legendary
*
Offline Offline

Activity: 1260

Drunk Posts


View Profile WWW
June 16, 2012, 03:17:26 AM
 #40

OP - really glad to see this new mixing service! The more the better. I hope you guys realize you can make al ot of money if you stick around and operate honestly. If you steal the coins and the service goes down, you get a short-term payout but lose a huge money making asset and it would be the height of foolishness. So, please stay honest and you will be rewarded with time.

I agree with this. Torwallet could become a gigantic service if you stay honest.

Also, I wonder if anyone is using SatoshiDice to clean coins? The coins sent in are not the same as those sent back, and with a house edge of 1.5% one could consider that a "mixing" fee Wink

Really? I thought the payout of a bet always included the bet transaction as one of its inputs.

It does, thats how they prevent double spends.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 16, 2012, 03:20:57 AM
 #41

Torwallet, would it be possible to show if your wallet's coins have been mixed by others, before mixing them yourself?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 16, 2012, 03:31:49 AM
 #42

Very nice! Thank you for creating this. If I were starting any sort of new Bitcoin venture, it would likely be Tor accessible only. We really need to migrate to Onionland, IMO.

If we're legal and COM/ORG/NET land doesn't have a problem, then why?

Because we won't be legal forever. I'd be willing to bet cash money FedGov attacks Bitcoin within 3-5 years.
Why would they wait? It's not like they are strangers to attacking the small, helpless, and weak...

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 16, 2012, 04:34:01 AM
 #43

Torwallet, would it be possible to show if your wallet's coins have been mixed by others, before mixing them yourself?

That would require us to keep records of transactions in order to know which ones get mixed.

--------------------------

We've added an option to delete a TORwallet once you are done with it. Deleting removes the database record for the wallet and will allow us to purge the private key in the future.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 16, 2012, 07:32:56 PM
 #44

TORwallet is now accessible without Tor!

We have set up a clearnet website at http://torwallet.net/

The server is a tcp proxy with port 443 forwarded through tor using socat. Anyone hacking or seizing it will get nothing more than an HTML page. We purchased it anonymously through tor with bitcoins so there is no trail leading back to us.

We hope that this will get you to use us as not only a mixer, but a regular wallet as well.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 16, 2012, 11:19:14 PM
 #45

We hope that this will get you to use us as not only a mixer, but a regular wallet as well.

Why would you hope for that?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 16, 2012, 11:50:31 PM
 #46

We hope that this will get you to use us as not only a mixer, but a regular wallet as well.

Why would you hope for that?

It increases our mixing pool and legitimizes outbound coins from our service. Our goal is to be widely used for all types of transactions and mix all the coins together, completely disabling the concept of tainted coins.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2436



View Profile
June 17, 2012, 12:35:08 AM
 #47


All your monies are tainted already, I thought everybody knew that? .... they don't call it filthy lucre for nothing!

"Render unto Caesar what is Caesar's .... " you know the rest.

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 19, 2012, 04:01:01 AM
 #48

We just experienced about an hour of down time. We thought it would be a good idea to configure Tor as a relay to increase security, but it used up all the ram on the server and we had to reboot it.

Please do not worry if you had deposits. We are here for the long term.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
June 19, 2012, 04:20:08 AM
 #49

We just experienced about an hour of down time. We thought it would be a good idea to configure Tor as a relay to increase security, but it used up all the ram on the server and we had to reboot it.

Please do not worry if you had deposits. We are here for the long term.

This might help you: https://www.torproject.org/docs/faq#RelayMemory

Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 19, 2012, 04:29:49 AM
 #50

We thought it would be a good idea to configure Tor as a relay to increase security.

Wouldn't that increase the likelihood that someone finds out your server's IP address/location?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 19, 2012, 04:36:48 AM
 #51

We thought it would be a good idea to configure Tor as a relay to increase security.

Wouldn't that increase the likelihood that someone finds out your server's IP address/location?

Not unless someone decides to hack or raid every tor relay. Being a relay mixes your traffic in with other people's traffic, making it more difficult to do timing and correlation attacks.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
June 20, 2012, 10:26:16 AM
 #52

TORwallet is now accessible without Tor!

We have set up a clearnet website at http://torwallet.net/

The server is a tcp proxy with port 443 forwarded through tor using socat. Anyone hacking or seizing it will get nothing more than an HTML page. We purchased it anonymously through tor with bitcoins so there is no trail leading back to us.

We hope that this will get you to use us as not only a mixer, but a regular wallet as well.

Silk Road should do that Cheesy

topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 20, 2012, 01:29:31 PM
 #53

I am confused by only one point. URL-s easy to sniff.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2646


I support freedom of choice


View Profile WWW
June 20, 2012, 01:33:56 PM
 #54

Silk Road should do that Cheesy
You can use tor2web.org or onion.to services Wink

NON DO ASSISTENZA PRIVATA - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 20, 2012, 03:02:13 PM
 #55

I am confused by only one point. URL-s easy to sniff.

The URLs are pretty much random and brute-forcing to find one with money in it would take many thousands of years.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 20, 2012, 03:08:29 PM
 #56

I am confused by only one point. URL-s easy to sniff.
Only if you're not using https.
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 20, 2012, 03:14:23 PM
 #57

I am confused by only one point. URL-s easy to sniff.
Only if you're not using https.

^^ This. And I believe Tor also encrypts your data.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 20, 2012, 06:34:17 PM
 #58

You do not understand what I mean, here is an example for "instawallet"

http://www.google.com/search?q=site:instawallet.org+w&hl=en&newwindow=1&safe=active&prmd=imvns&psj=1&ei=dRbiT9m2G4eMsgb26NBw&start=50&sa=N&filter=0&biw=1411&bih=773&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb

it makes no difference
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 20, 2012, 06:49:15 PM
 #59


I don't understand what you're trying to say. When you visit a site over https the url is encrypted, no one can see what it is.
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 20, 2012, 06:51:52 PM
 #60


I don't understand what you're trying to say. When you visit a site over https the url is encrypted, no one can see what it is.
And there's no way Google can crawl it unless you post a link somewhere.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 20, 2012, 07:22:37 PM
 #61


Robots.txt much?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 20, 2012, 07:32:39 PM
 #62

By the link you can find other users' wallets:

https://instawallet.org/w/vXjpEwkofHdLFgpaF-dm-g
https://instawallet.org/w/gZiQKV5qImChThSHtXGnHVVz72RKe1aA
https://instawallet.org/w/UIx9A2qvkJRRLjQqjBvBjY5TzntD955k7Q
https://instawallet.org/w/bfLZ5GP7iC1Y8WsZCEdb6A
...

Google does not index the content, but provides links.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 20, 2012, 07:35:41 PM
 #63


As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 20, 2012, 08:16:25 PM
 #64

We'd like to thank Bitcoin Magazine for reviewing our service. Here are a few comments and responses we had on the article.

Quote from: Bitcoin Magazine
While the idea seems convenient at first glance, the effectiveness of this implementation can be called into question. First of all, the representation of TORwallet as an “anonymous mixing bitcoin wallet” is somewhat misleading. One would expect such a wallet to carry out its mixing functionality automatically and behind the scenes, so that user could be comfortable in the knowledge that the “mixing wallet” is doing the mixing for him, but in TORwallet this is not the case. For mixing to take place at all, the user must activate the feature manually by clicking the “mix coins” button and paying the greater of 3% of the amount mixed or 0.5 bitcoins as a fee, making the “mixing” and “wallet” functionalities essentially completely separate. This particular way of implementing the mixing functionality is highly problematic not only because of usability, but also because it limits functionality; what if a user periodically deposits new coins that need to be exchanged for “clean” coins and does not wish to pay a 3% tax on his entire pool of savings every time he does so?

Our wallet will mix your coins even if you never pay the fee, but you will not know if and when your coins have been mixed. When someone clicks the mix button, it draws on all coins in our service, including those from people who have never clicked it. The button is there for those willing to pay a small fee for the immediate certainty that their coins have been mixed.

If you are periodically depositing coins, simply deposit them to a new wallet and mix them. Move them to your old one if you must, but we suggest using a new wallet regularly for greater anonymity anyway.

Quote from: Bitcoin Magazine
The wallet’s security model, a copy of that used by InstaWallet, is also problematic. The strategy of using the URL as the password is highly problematic, since it means that anyone who gets access to your browser can simply look through your history, open up your wallet and drain it within seconds. Accessing the wallet only through a private browsing mode (which the Tor browser bundle does by default) solves this problem, but also creates the problem of having to find a place to store the URL. To prevent attackers from easily finding it with a simple file directory scan, it would have to be stored encrypted, and at that point what you have is simply a more cumbersome version of a proper username/password authentication framework like that used by secure wallets like Blockchain.

We are considering implementing a function where you can password protect the wallet, so that the URL will become a username rather than password.

We also suggest password protecting your computer and using encrypted LVM, TrueCrypt, or BitLocker to prevent anyone untrusted from accessing your computer and browser. This is a general security recommendation for everyone whether you use our service or not.

Quote from: Bitcoin Magazine
Both of TORwallet’s key functions have superior alternatives as separate entities – Bitcoin Fog as a mixing service, as it takes a smaller fee (randomized 1-3%) and a smaller minimum (1.00 BTC withdraw with no fixed fee component), and Blockchain is a stronger wallet. Furthermore, there is even a service which can be described as a mixing wallet done right: Silk Road. The Tor-based black market auction site employs a secure mixing service intended to be safe enough even for users engaged in illegal activities for all bitcoins passing through the system, and includes the send, receive and storage functionality needed to make a basic wallet work.

Our advantage over Bitcoin Fog and Silk Road is our convenience and speed. You can immediately withdraw your coins at any time without the wait. Both other services delay deposits and withdraws for at least a few hours. We only require 2 confirmations. We suggest withdrawing in multiple transactions to different addresses, however users are free to do as they choose. One use case for our service is people sending coins to and from Silk Road, so that rules them out as an option.

Quote from: Bitcoin Magazine
The last problem is that of trust. As we know from the examples of MyBitcoin and Bitscalper, anonymous services whose only function is storing money cannot be trusted simply because the profit that they would earn from running away with everyone’s coins at any point is sufficiently high compared to the profit that they expect to earn in the future by acting honestly that it often is expedient for them to disappear. Deposit accounts can still be trusted; if the provider provides enough information about who they are and where they can be found, the threat of law enforcement will shift the calculus toward honesty, and even some anonymous services can be trustworthy. In the case of Silk Road, for example, users only need to store change in the service for a few days, and the owners have an effective source of fees, the future expectation of which is sufficient to continually entice them to conduct themselves honorably. TORwallet, however, is intended to be a long-term money storage provider, and has chosen to maintain their anonymity, placing them on par with Bitscalper in terms of the level of trust that they presently deserve.

Our users are free to store coins for any term they like, from minutes to years. At this point, it does not seem like knowing the identity of the service owner or being easily traceable has helped anyone recover bitcoins. Both MyBitcoin and Bitscalper would have been easy to track down by law enforcement, however they are not even willing to get involved with thefts of something not legally recognized as currency. What they are certainly willing to expend resources on is tracking people laundering money for any number of reasons.

We also highly value our reputation. We will be launching several new services in the coming months as they are developed.

Quote from: Bitcoin Magazine
The one feature that TORwallet does have over its alternatives is its direct accessibility through Tor as a hidden service, something which no other online Bitcoin wallet (except Silk Road and its ilk) has available. Aside from that advantage, however, the service has a long way to go in terms of implementing a reliable framework of security and trust. One suggestion would be to switch to a Blockchain wallet security model, where the wallet is stored encrypted and all calculations are done client side, and to seamlessly integrate the mixer into the wallet as a deposit mechanism – the wallet would show a deposit address where users can send their funds to, which automatically triggers a mixing service which sends randomly sourced bitcoins to the wallet that the user controls perhaps less a 1-2% fee. This would solve the trust problem and the security problem while making it much more of a true “mixing wallet” at the same time. Abandoning the Instawallet URL-as-password model for something more secure is another necessity. As it stands, however, there are much better alternatives for the functionality that it provides.

Switching to a Blockchain security model would make our service impossible. We rely on having a pool of coins to mix your coins with, the larger that pool is the more difficult it will be to associate incoming and outgoing transactions. Switching to a blockchain model would require us to buy far more coins than we can afford to in order to increase pool size.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
geffaxiv-532
Jr. Member
*
Offline Offline

Activity: 40


View Profile
June 20, 2012, 08:22:19 PM
 #65

Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 20, 2012, 08:32:45 PM
 #66

Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
Where are they going to get a copy? Are you going to give it away? Protect it!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Serith
Sr. Member
****
Offline Offline

Activity: 269


View Profile
June 20, 2012, 11:31:36 PM
 #67

We only require 2 confirmations.
How do you protect yourself from what presumably happend with Mybitcoin? Noticeable portion of Bitcoin Network hash power owned by botnets, therefore it is possible to execute the attack without leaving a trail.
topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 21, 2012, 08:10:20 AM
 #68

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 21, 2012, 08:15:11 AM
 #69

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.

I can also randomly try 1000 different instawallet url-s and publish them on a website, but that doesn't mean any of them are legitimate. Actually, it is a lot more likely you're going to be killed by lightning the second after you read this than it is for any one of those 1000 accounts having any bitcoins on it.
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 21, 2012, 02:35:28 PM
 #70

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 22, 2012, 06:59:39 AM
 #71


Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
http://s019.radikal.ru/i612/1206/08/9cf3ba33337e.png

2) read - 1


Have a nice day ебанашка.
Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
June 22, 2012, 07:28:51 AM
 #72

Come on guys, give TorWallet a break, will you?
Google indexing links to Instawallet wallets which people voluntarily published online, for whatever reason they have, has nothing to do with TorWallet.
Are you critizising Instawallet's design? Fine, then don't use it. It is one of the most popular wallets and services in the bitcoin ecosystem nevertheless.

Ente
topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 22, 2012, 08:09:39 AM
 #73

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 22, 2012, 08:31:42 AM
 #74

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
June 22, 2012, 10:29:49 AM
 #75

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?

vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 22, 2012, 10:32:38 AM
 #76

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?
Even if this is so I don't know how that is relevant. E-mails are plain text so sending such url over e-mail is no more secure than publishing it on a website. So basically this still has nothing to do with torwallet's security but with people's stupidity.
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 22, 2012, 10:42:45 AM
 #77


Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
{screenshot removed}

2) read - 1


Have a nice day ебанашка.





I meant 19 pages, I find only 17 pages, with 10 links per page it gives 170 wallet URLs, my point still stands.
Google indexes stuff that people publish, it does not do black magic.

Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
June 22, 2012, 10:44:25 AM
 #78

..At least it is true that I couldn't find webpages where the instawallet url would have been written, when google'ing a few of the posted urls..
So I think it may indeed be possible the urls came from somewhere else than posting and indexing.
Form googlemail directly? I can not believe that.. Who in their right mind would do that?

Well, lets try it out, someone with a gmail account mail a fresh instawallet url? If you post the url here afterwards, please skip the last digits or obfuscate it, since google indexes this thread too ;-)

And still: Totally off-topic to torwallet. Maybe let a mod spin off this topic to another thread?

Ente
topikwm
Newbie
*
Offline Offline

Activity: 19


View Profile
June 22, 2012, 12:41:52 PM
 #79

Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 22, 2012, 02:08:32 PM
 #80

Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
What you don't understand is that simply visiting the root of the instawallet site (and Torwallet too) redirects you to a new virgin wallet without clicking any buttons. When this happens, the URL changes, so Google indexes a new URL each time, because it doesn't understand what happened and it thinks that there is new content to be shown to search users. IT CANNOT AND WILL NOT DISCOVER EXISTING URLS UNLESS THEY ARE SPECIFICALLY PUBLISHED.

And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
June 22, 2012, 02:14:18 PM
 #81

And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.

That and stalk teenagers...

Keep drinking the koolaid.

rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 22, 2012, 02:14:53 PM
 #82

And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.

That and stalk teenagers...

Keep drinking the koolaid.
Yeah that too lol. I forgot about that one.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 22, 2012, 08:34:40 PM
 #83

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 25, 2012, 03:43:00 AM
 #84

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 25, 2012, 04:08:39 AM
 #85

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Can't they encrypt the code?  Undecided

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 25, 2012, 09:20:54 AM
 #86

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss

rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 25, 2012, 02:27:01 PM
 #87

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss
Same goes for your service, just depends on who gets hacked first.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
June 25, 2012, 09:16:05 PM
 #88

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss
Same goes for your service, just depends on who gets hacked first.
http://xkcd.com/703/

TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 25, 2012, 09:35:33 PM
 #89

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor.

In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050

Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 05:03:04 AM
 #90

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor.

In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050

Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.

Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb

Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet.

A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 01:10:14 PM
 #91

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor.

In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050

Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.

Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb

Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet.

A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 03:49:24 PM
 #92

Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.

It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.

We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.

Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor.

In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050

Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.

Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb

Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet.

A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 03:52:37 PM
 #93

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 04:40:05 PM
 #94

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 04:57:54 PM
 #95

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 05:07:13 PM
 #96

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.

I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 05:09:14 PM
 #97

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.

I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 05:14:18 PM
 #98

However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.

Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.

The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.

One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.

I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.

I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 05:16:33 PM
 #99

I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.

I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
The SSL private key for torwallet.net is stored on the .onion server, and the .onion server does all the encryption and decryption. That's why it's a little slow; all the traffic must pass through tor first to get to and from the remote .onion server

torwallet.net does not have a private key of its own stored on it or in use for it.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
June 27, 2012, 05:22:32 PM
 #100

I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.

I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
The SSL private key for torwallet.net is stored on the .onion server, and the .onion server does all the encryption and decryption. That's why it's a little slow; all the traffic must pass through tor first to get to and from the remote .onion server

torwallet.net does not have a private key of its own stored on it or in use for it.

oh sorry, I don't know this is possible! Thank you!

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 27, 2012, 05:31:13 PM
 #101

I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.

I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
The SSL private key for torwallet.net is stored on the .onion server, and the .onion server does all the encryption and decryption. That's why it's a little slow; all the traffic must pass through tor first to get to and from the remote .onion server

torwallet.net does not have a private key of its own stored on it or in use for it.

This is exactly correct. We actually posted the incorrect socat command earlier so that may have led to some confusion. This is what we are actually using, pasted straight from the torwallet.net server.

socat TCP4-LISTEN:443,fork,su=nobody,reuseaddr SOCKS4A:127.0.0.1:nci2szjrwjqw2zbi.onion:443,socksport=9050

The torwallet.net server does not decrypt the SSL session, it only forwards encrypted data between the .onion and the client.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
June 27, 2012, 05:54:37 PM
 #102

I made a helpful diagram just to be sure. Socat is capable of the same things that "stunnel" is, but is also capable of so much more. Whereas with Stunnel you would need to perform encryption and decryption on the public-facing server, as well as the internal server, you don't have to do that with Socat. (However you still have the option to.) Socat allows you to pass arbitrary binary data (read: SSL data) via a socket, which is important when you are dealing with encrypted data.

Code:
Client --> Socat --> Tor Software --> Cloud of onions --> Tor Software --> apache/nginx/whatever --
             ^Still encrypted here                                         ^de/encryption is here |
                                     v Still encrypted here                                       |
                        Client <-- Socat <-- Tor Software <-- Cloud of onions <-- Tor Software <--|

And I thank torwallet.net for bringing this invaluable tool to my attention, because I had used stunnel in the past and this is just taking it to the next level.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 28, 2012, 02:07:59 AM
 #103

For all those who are concerned about leaking your TORwallet URL, we have now implemented an optional password feature. Once set the password will be required to send coins from the wallet.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
byronbb
Legendary
*
Offline Offline

Activity: 1414


HODL OR DIE


View Profile
July 03, 2012, 10:23:09 PM
 #104

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 04, 2012, 04:07:15 AM
 #105

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.

Cuz that won't get them shutdown at all.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
byronbb
Legendary
*
Offline Offline

Activity: 1414


HODL OR DIE


View Profile
July 04, 2012, 05:07:40 AM
 #106

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.

Cuz that won't get them shutdown at all.

Huh? You mean like how Silk Road got shut down?

Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
July 04, 2012, 05:43:43 AM
 #107

You mean like how Silk Road got shut down?

Silk road got shut down?  Shocked

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652



View Profile WWW
July 04, 2012, 12:04:28 PM
 #108

You mean like how Silk Road got shut down?

Silk road got shut down?  Shocked

No, that was his point  Wink.

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
levino
Sr. Member
****
Offline Offline

Activity: 362


View Profile WWW
July 04, 2012, 01:08:53 PM
 #109

3% is much too expensive. How about 0.01% per mix + the transaction costs? This will still be very profitable.

BM-2cWwQnMzK9XFTjfn6jSRRJwTG8a2wooR9A
www.coyno.com - www.bitcoinage.de
kangasbros
Hero Member
*****
Offline Offline

Activity: 812



View Profile
July 04, 2012, 01:41:33 PM
 #110

3% is much too expensive. How about 0.01% per mix + the transaction costs? This will still be very profitable.

If it is still very profitable, create your own competing service...

naima53
Hero Member
*****
Offline Offline

Activity: 616



View Profile
July 04, 2012, 06:06:54 PM
 #111

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.
+1000 Make the exchange please B <-> LR and become a winner in this race exchanges!

Donate me) 16f6iWHHkVEnDReeBQPT9GwCNwUfPTXrp2
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
July 06, 2012, 12:30:05 AM
 #112

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.

What?

We can display the USD value, but I don't see the point. Are you using torwallet as a receiving address for customer deposits?

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.
+1000 Make the exchange please B <-> LR and become a winner in this race exchanges!

This is an interesting idea, however an exchange is significantly more complex than our service, and we do not feel that we can deal with the multitude of possible security threats that one experiences.

If anyone does implement this and needs assistance please do contact us.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
byronbb
Legendary
*
Offline Offline

Activity: 1414


HODL OR DIE


View Profile
July 07, 2012, 06:54:23 PM
 #113

You should consider an invoicing system akin to the one mtgox has developed with ability to charge in fiat.

What?

We can display the USD value, but I don't see the point. Are you using torwallet as a receiving address for customer deposits?


Pretty much yes. 

Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
July 12, 2012, 04:11:45 PM
 #114

Is Torwallet down? I can connect to torwallet.net (a different server), but I can't connect to the onion site, and https://torwallet.net/ returns a SSL error (not a "certificate untrusted" error.)

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
July 12, 2012, 04:31:33 PM
 #115

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
July 12, 2012, 07:09:29 PM
 #116

We are back online. The server was off and did not turn itself back on after the UPS battery drained.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
July 12, 2012, 07:20:56 PM
 #117

We are back online. The server was off and did not turn itself back on after the UPS battery drained.
Need moar generator

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2436



View Profile
July 13, 2012, 09:48:40 PM
 #118

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

Probably not the best idea publishing time and cause of outage on a public forum. You just narrowed down the possible physical locations of your "hidden" server somewhat.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 13, 2012, 10:20:00 PM
 #119

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

Probably not the best idea publishing time and cause of outage on a public forum. You just narrowed down the possible physical locations of your "hidden" server somewhat.

Depending on who is searching i would say ALOT.

Compared with other data or other side-channel attacks it might even be possible to find the IP.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
July 13, 2012, 10:46:12 PM
 #120

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

Probably not the best idea publishing time and cause of outage on a public forum. You just narrowed down the possible physical locations of your "hidden" server somewhat.

+1. What I was thinking.

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
July 13, 2012, 11:51:09 PM
 #121

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

Probably not the best idea publishing time and cause of outage on a public forum. You just narrowed down the possible physical locations of your "hidden" server somewhat.

+1. What I was thinking.

Since the moment they posted publicly that they had started running an exit node on the server as disguise and that was why the server was slow so they stopped running the exit node the list of possible IP's was already narrowed down enough. This disclosure was just the last nail on the coffin. lol

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 04:19:57 PM
 #122

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
July 14, 2012, 05:09:50 PM
 #123

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

The dumb dumb part was saying they were running an exit node and even go as far as giving an aproximate timeframe for when it went live and when it went offline. Only the act of running an exit node could've even helped them with plausible deniability, if they managed to do it right.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 05:50:41 PM
 #124

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

The dumb dumb part was saying they were running an exit node and even go as far as giving an aproximate timeframe for when it went live and when it went offline. Only the act of running an exit node could've even helped them with plausible deniability, if they managed to do it right.
Not mention the fact that if something nefarious were to exit through it and the partyvan were to show up and find the server by accident :/

I really like the idea of this, but given recent disclosures like this makes wonder if it being ran by the intersango group

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
July 14, 2012, 05:53:51 PM
 #125

I really like the idea of this, but given recent disclosures like this makes wonder if it being ran by the intersango group
I LOL'd

Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
July 14, 2012, 08:06:36 PM
 #126

Wow, seriously guys, I thought I was paranoid!
I am impressed, keep up the good work!

Ente
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 08:21:15 PM
 #127

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
July 14, 2012, 08:24:21 PM
 #128

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.
Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.

justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 08:46:52 PM
 #129

Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.
Mixing isn't the problem. If Instawallet keeps records of its users it can map the mixed outputs to the original inputs and provide that information to third parties. Accessing Instawallet through Tor doesn't help with that.

It doesn't matter how trustworthy the operators of Instawallet are, they can be forced to keep those records against their will. https://en.wikipedia.org/wiki/Hushmail

So the only way to have secure mixing is if it's not possible for even the operators of the mixing service to determine which outputs correspond with the original inputs. I don't know if it's possible to do that or not; if I knew any cryptographers I'd ask them.
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
July 14, 2012, 08:59:06 PM
 #130

Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.
Mixing isn't the problem. If Instawallet keeps records of its users it can map the mixed outputs to the original inputs and provide that information to third parties. Accessing Instawallet through Tor doesn't help with that.

It doesn't matter how trustworthy the operators of Instawallet are, they can be forced to keep those records against their will. https://en.wikipedia.org/wiki/Hushmail

So the only way to have secure mixing is if it's not possible for even the operators of the mixing service to determine which outputs correspond with the original inputs. I don't know if it's possible to do that or not; if I knew any cryptographers I'd ask them.
It's not possible.
But what you can do is repeat the same few steps with different shared wallets or even simpler, just use SR.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 08:59:37 PM
 #131

blockchain.info's new anonymizer service reportedly only keeps records long enough to process the transaction (alough that does not help the Hushmail scenario you mentioned).

And it is open source Smiley

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 09:33:17 PM
 #132

(alough that does not help the Hushmail scenario you mentioned).
What's the point of mixing if it isn't secure against that scenario?

If you don't like including protection from governments in your threat model then just replace court orders with sufficiently-motivated elements of organized crime, or malicious operators.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 11:01:06 PM
 #133

(alough that does not help the Hushmail scenario you mentioned).
What's the point of mixing if it isn't secure against that scenario?

If you don't like including protection from governments in your threat model then just replace court orders with sufficiently-motivated elements of organized crime, or malicious operators.
I guess that all depends on who you are hiding from.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
July 14, 2012, 11:22:32 PM
 #134

We have at no point ever operated an exit node. We may or may not be operating a relay. Our system keeps no records of deposits or withdraws, only a balance, even if someone gained access to our hidden server there is no way they could link past deposits and withdraws, only ones in the future.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
July 15, 2012, 12:00:55 AM
 #135

We have at no point ever operated an exit node. We may or may not be operating a relay. Our system keeps no records of deposits or withdraws, only a balance, even if someone gained access to our hidden server there is no way they could link past deposits and withdraws, only ones in the future.

Even if you just ran it as a middle-relay. You admited you ran it and you admited it went down on a specific date with an aproximate hour. That was not a smart thing to do.
Next time your server goes down, keep the reason to yourself. Wink

We just experienced about an hour of down time. We thought it would be a good idea to configure Tor as a relay to increase security, but it used up all the ram on the server and we had to reboot it.

Please do not worry if you had deposits. We are here for the long term.

Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
July 16, 2012, 09:24:44 AM
 #136

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 16, 2012, 01:40:16 PM
 #137

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente

This is not always true... there are ways to take precautions if one so desires.  There is a reason BTC is used on the black market.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Ente
Legendary
*
Offline Offline

Activity: 2060



View Profile
July 16, 2012, 02:06:13 PM
 #138

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente

This is not always true... there are ways to take precautions if one so desires.  There is a reason BTC is used on the black market.


I, personally, feel secure enough with my way of handling bitcoin for the things I do with them. Which involves trusting various companies, services, exchanges and so on.
What I tried to say, is, you will quickly find limits in the usefulness of Bitcoin when you don't trust absolutely nobody..
Which, as a mind experiment, I enjoy, but not for (my) real-world applications.
Once you start calculating risks, thus accepting risks, things become much more reasonable. Like trusting the integrity of the TOR network, for example.

Ente
ImJello
Newbie
*
Offline Offline

Activity: 15


View Profile
August 12, 2012, 06:25:35 PM
 #139

Anybody have any idea where Torwallet is? I've been trying to get in contact with them the last couple of weeks.
therustytrombone
Full Member
***
Offline Offline

Activity: 129


View Profile
September 17, 2012, 05:23:10 PM
 #140

It's been over 48 hours and I'm still getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message.  My e-mail and PM have so far gone unanswered, it's disconcerting to have funds locked up and unavailable.  How long does it usually take to replenish the hot wallet?

Thanks in advance
picobit
Hero Member
*****
Offline Offline

Activity: 547


Decor in numeris


View Profile
September 17, 2012, 06:41:51 PM
 #141

The problem with placing your money with an anonymous entity on the internet is that there is absolutely nothing you can do when they run away with them.  Perhaps that is not what is happening now, but it could be.   Angry
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 18, 2012, 10:42:55 AM
 #142

It's been over 48 hours and I'm still getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message.  My e-mail and PM have so far gone unanswered, it's disconcerting to have funds locked up and unavailable.  How long does it usually take to replenish the hot wallet?

Thanks in advance

Same here, I tried reaching them via email, but still haven't received a response. I too was getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message, but now I've just found that my wallet has been deleted. I get a "404 Not Found" error when I try to access my wallet now. I hope this gets figured out soon.

therustytrombone
Full Member
***
Offline Offline

Activity: 129


View Profile
September 18, 2012, 05:01:00 PM
 #143

Hopefully that means they are replenishing the hot wallet, but who knows with the silent treatment we're getting.  Huh
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 18, 2012, 06:50:33 PM
 #144

The more time passes the easier it seems to juice coins out of fools

Sethenes
Newbie
*
Offline Offline

Activity: 18


View Profile
September 19, 2012, 01:33:43 AM
 #145

I'm having the same issue.  I have sent them a PM on this site as well as an email to their address at torwallet@tormail.org and have not received any responses.  The service was fine the last time I used it after I had checked to see if there was anything "scammy" about it, so I just assumed it would be okay just to use it as a quick intermediary.  Boy, was I wrong.  Not sure what the previous poster meant by "fools."  Let's face it, the nature of Bitcoin is that at any time during an exchange or transaction, anyone can walk away with your money and there's not much you can do.  The government sure isn't going to help you, because they want Bitcoin gone anyway.  Are all Bitcoin users fools then?  It's not like I put my life savings into Torwallet, it was a relatively small amount, thankfully, but enough to be annoying that it is stuck there.

Is there anyway we can import that address into our Blockchain wallet and release the coins from there? Or do they own the secret phrase for that address?

You'd think they could put up a note on their site that says they are having issues and that you will or may not be able to get your coins out right away after moving them in.  The silence is what is the most disconcerting.  
dancingnancy
Hero Member
*****
Offline Offline

Activity: 588



View Profile
September 19, 2012, 02:01:06 AM
 #146

The more time passes the easier it seems to juice coins out of fools

Unfortunately it does.  This website seemed like a great idea, but far too much temptation for the owners.  Plus, I wonder how much they made from mixing fees anyway?  Couldn't have been that much.



                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄███▀
 ▀███▄▄     ▄█▀                ▀█▄▄█████▀
  ▀██████▄▄█▀                ▄▄███████▀
   ▐█████████▄           ▄▄███████████
     ▀█████████▄▄      ▄█████████████
       ▀██████████    ███████████████
        ▐▀█████████  █████████████▀ ▐▌
        ▐▌ ▀▀██████ ▐███████████▀   ▐▌
        ▐▌      ▀██ ▐█████████▀     ▐▌
         █        ▀  ██████         █
         ▐█          ▐█████▄       █▌
          ▀█▄         ▀██████▄   ▄█▀
            ▀█▄         ▀█████▌▄█▀
              ▀██▄▄       ▀▄▄██▀
                ▀▀████████▀▀
T
....ANGEL TOKEN....


                                         ▄
                 ▄▄████████▄▄         ▄▄██
 ▄▄           ▄██▀▀        ▀▀██▄    ▄█▀█▀ 
 ▀█▀█▄▄     ▄█▀                ▀█▄▄█  ▄█▀ 
  ▀█  ▀▀█▄▄█▀                ▄▄██░   █▀   
   ▐▄▄  ░░░▀█▄           ▄▄█▀▀░░░   ▄█     
     ▀█▄ ░░░▒▒█▄▄      ▄██▒▒▒▒▒░    █     
       ▀▄▄ ░░▒▒▒▓█    ██▒▒▒▒▒▒░   ▄▄█     
        ▐▀█▄░░▒▒▓██  █▓▒▒▒▒▒▒░  ▄█▀ ▐▌     
        ▐▌ ▀▀█▒▓███░▐█▓▒▒▒▒░░ ▄█▀   ▐▌     
        ▐▌      ▀██ ▐█▓▓▒▒▄▄▄█▀     ▐▌     
         █        ▀  █▓█▀▀█         █     
         ▐█          ▐▄▓░ █▄       █▌     
          ▀█▄         ▀█▒░ ▀█▄   ▄█▀       
            ▀█▄         ▀█▄▄▄█▌▄█▀         
              ▀██▄▄       ▀▄▄██▀           
                 ▀▀████████▀▀             

Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 19, 2012, 06:30:52 AM
 #147

I looked up the WHOIS data for torwallet.net - this is who the domain was registered by:

Quote
John Smith
11 Wall Street
New York
NY, 10005
US
Tel. +1.8003683375

Of course. Let's see if we can dig up anymore info on these guys.

davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 19, 2012, 08:48:22 AM
 #148

This website seemed like a great idea,
it really wasn't a good idea,

but far too much temptation for the owners.
and that's precisely why,

Plus, I wonder how much they made from mixing fees anyway?  Couldn't have been that much.
if you want to mix coins, use a big shared wallet that'll do it anonymously and for free, not a shared wallet hiding behind a Tor veil.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
September 19, 2012, 09:00:47 AM
 #149

I looked up the WHOIS data for torwallet.net - this is who the domain was registered by:

Quote
John Smith
11 Wall Street
New York
NY, 10005
US
Tel. +1.8003683375

Of course. Let's see if we can dig up anymore info on these guys.

Using that will get you nowhere... But I remeber reading someone on the forum saying he met the Torwallet guy(s) at vegas, on defcon. You guys might want to search that.

Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 19, 2012, 09:19:04 AM
 #150

I looked up the WHOIS data for torwallet.net - this is who the domain was registered by:

Quote
John Smith
11 Wall Street
New York
NY, 10005
US
Tel. +1.8003683375

Of course. Let's see if we can dig up anymore info on these guys.

Using that will get you nowhere... But I remeber reading someone on the forum saying he met the Torwallet guy(s) at vegas, on defcon. You guys might want to search that.

This is the only thing I found mentioning that. https://bitcointalk.org/index.php?topic=91252.msg1011830#msg1011830

Thanks though, I'll keep digging around.

Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 19, 2012, 09:26:08 AM
 #151

I've compiled all claims that they are experiencing "problems with their database" here.

jl2012
Legendary
*
Offline Offline

Activity: 1722


View Profile
September 19, 2012, 10:04:38 AM
 #152

The forum should declare it as scam until they response and pay. People should never deposit large amount of money to a random anonymous service.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
September 19, 2012, 10:06:34 AM
 #153

I looked up the WHOIS data for torwallet.net - this is who the domain was registered by:

Quote
John Smith
11 Wall Street
New York
NY, 10005
US
Tel. +1.8003683375

Of course. Let's see if we can dig up anymore info on these guys.

Using that will get you nowhere... But I remeber reading someone on the forum saying he met the Torwallet guy(s) at vegas, on defcon. You guys might want to search that.

This is the only thing I found mentioning that. https://bitcointalk.org/index.php?topic=91252.msg1011830#msg1011830

Thanks though, I'll keep digging around.

Couldn't find it either. But I'm sure I read it. Probably the post was removed for "security" reasons. lol

Sethenes
Newbie
*
Offline Offline

Activity: 18


View Profile
September 19, 2012, 10:32:11 AM
 #154

I've compiled all claims that they are experiencing "problems with their database" here.

Going by one of those threads, it looks like someone may have found the physical location of their server.  -_-
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 19, 2012, 10:55:47 AM
 #155


ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
September 19, 2012, 07:32:29 PM
 #156

Assuming it was not a scam:  anyone consider that they got picked up by the FBI?  Wouldn't they be really interested on the clientele of a TOR based mixing service?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
WikileaksDude
Hero Member
*****
Offline Offline

Activity: 490


Bitcoin Miner


View Profile WWW
September 19, 2012, 09:52:09 PM
 #157

I was about to use this service last night.

THANK GOD, guise... use silkroad for coins mixing ... its free. It only takes a while.

Or use blockchain.info mixing service.


Sethenes
Newbie
*
Offline Offline

Activity: 18


View Profile
September 19, 2012, 11:12:25 PM
 #158

It's been over 48 hours and I'm still getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message.  My e-mail and PM have so far gone unanswered, it's disconcerting to have funds locked up and unavailable.  How long does it usually take to replenish the hot wallet?

Thanks in advance

Same here, I tried reaching them via email, but still haven't received a response. I too was getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message, but now I've just found that my wallet has been deleted. I get a "404 Not Found" error when I try to access my wallet now. I hope this gets figured out soon.

Have you tried accessing your wallet lately?  Mine is still there and still has my bitcoin in there.  That's what's strange, if they were going to run away with it wouldn't it be gone or deleted?  Maybe they're in the hospital.  Any number of things could be wrong.  I'm just surprised more people haven't posted anything.  Maybe it's just us few fools who have used it recently.
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 20, 2012, 12:14:42 AM
 #159

It's been over 48 hours and I'm still getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message.  My e-mail and PM have so far gone unanswered, it's disconcerting to have funds locked up and unavailable.  How long does it usually take to replenish the hot wallet?

Thanks in advance

Same here, I tried reaching them via email, but still haven't received a response. I too was getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message, but now I've just found that my wallet has been deleted. I get a "404 Not Found" error when I try to access my wallet now. I hope this gets figured out soon.

Have you tried accessing your wallet lately?  Mine is still there and still has my bitcoin in there.  That's what's strange, if they were going to run away with it wouldn't it be gone or deleted?  Maybe they're in the hospital.  Any number of things could be wrong.  I'm just surprised more people haven't posted anything.  Maybe it's just us few fools who have used it recently.

Luckily I had only a very small amount in my wallet there, but like I said earlier, when I attempted to send my coins to another address I was met with the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message. After waiting some time, I decided to email them about the issue. They never responded, but shortly after I sent them them the message, I found my wallet to be inaccessible. I'm almost certain they deleted it.

kokojie
Legendary
*
Offline Offline

Activity: 1694



View Profile
September 20, 2012, 03:29:35 AM
 #160

This is 100% scam. I mean even clearnet hosted wallet provider like mybitcoin.com ended up to be scammy, this is 100% scam.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
iCEBREAKER
Legendary
*
Offline Offline

Activity: 1848


[LOL2X]


View Profile WWW
September 20, 2012, 04:27:40 AM
 #161



Too soon? 


██████████
█████████████████
██████████████████████
█████████████████████████
████████████████████████████
████
████████████████████████
█████
███████████████████████████
█████
███████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
███████████████████████████
██████
██████████████████████████
█████
███████████████████████████
█████████████
██████████████
████████████████████████████
█████████████████████████
██████████████████████
█████████████████
██████████

Monero
"The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." 
David Chaum 1996
"Fungibility provides privacy as a side effect."  Adam Back 2014
Buy and sell XMR near you
P2P Exchange Network
Buy XMR with fiat
apetersson
Hero Member
*****
Offline Offline

Activity: 666



View Profile
September 20, 2012, 07:15:54 AM
 #162

i remember torwallet used two accounts here on the forums and sometimes confused them. somebody should look into that.

for example:

https://bitcointalk.org/index.php?topic=91252.msg1011832#msg1011832
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
September 20, 2012, 09:39:43 AM
 #163

i remember torwallet used two accounts here on the forums and sometimes confused them. somebody should look into that.

for example:

https://bitcointalk.org/index.php?topic=91252.msg1011832#msg1011832

They also admitted on their whitelisting request to have another forum account.

Sethenes
Newbie
*
Offline Offline

Activity: 18


View Profile
September 20, 2012, 10:53:14 AM
 #164

TORwallet : "You probably want to know why you should trust us. Our answer is don't. Only deposit as many coins as you are willing to lose while we build trust in the community."

Glad I only put a very small amount in there on Monday evening.  Still can't get them out.  So, how long before they're officially a scammer?
kokojie
Legendary
*
Offline Offline

Activity: 1694



View Profile
September 20, 2012, 01:07:48 PM
 #165

TORwallet : "You probably want to know why you should trust us. Our answer is don't. Only deposit as many coins as you are willing to lose while we build trust in the community."

Glad I only put a very small amount in there on Monday evening.  Still can't get them out.  So, how long before they're officially a scammer?

The problem is they are not putting up verified identity information online, this is always a sign of scammer. Doesn't matter how "trusted" their forum id becomes, pirateat40 was a highly reputable BTC trader, highly trusted forum account with thousands of posts, he's more reputable than 99% of users on this forum. This is until he decided to scam people millions of dollars. He never provided his true identity though, a sign of scammer.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
mb300sd
Legendary
*
Offline Offline

Activity: 1260

Drunk Posts


View Profile WWW
September 20, 2012, 04:40:36 PM
 #166

I have 2 deposits of approx 10BTC from a couple days ago, and neither has moved... They normally get moved to a large wallet within a day or so, and it seemed like part of the normal mixing process, it possible the owner might have abandoned the site or died or something.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2436



View Profile
September 21, 2012, 02:01:33 AM
 #167

I have 2 deposits of approx 10BTC from a couple days ago, and neither has moved... They normally get moved to a large wallet within a day or so, and it seemed like part of the normal mixing process, it possible the owner might have abandoned the site or died or something.

Presidential order drone strike?

gildedtophat
Newbie
*
Offline Offline

Activity: 12



View Profile
September 21, 2012, 02:20:56 AM
 #168

Would be nice to get my 1.5 BTC back, but I'm not holding my breath.

1EL5dE9WnMd2Aj8xDdDERmHwRAX5RyBSED
Dabs
Staff
Legendary
*
Online Online

Activity: 1876



View Profile
September 22, 2012, 04:06:12 AM
 #169

For example, I put some bitcoins in Mt. Gox. I traded them for USD. Then I traded them back for bitcoins after a day. I lost in the spread and the difference, but I'm still close to the original bitcoins. Then I withdraw the bitcoins back to my own wallet on my computer.

Is that mixed enough? I mean, for less than 200 bitcoins per day its something you could use and you'd be essentially anonymous even to Mt. Gox because you don't use a verified account, although you can't use TOR on it.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 22, 2012, 07:40:47 AM
 #170

For example, I put some bitcoins in Mt. Gox. I traded them for USD. Then I traded them back for bitcoins after a day. I lost in the spread and the difference, but I'm still close to the original bitcoins. Then I withdraw the bitcoins back to my own wallet on my computer.
You don't understand hox shared wallets like mtgox work. You don't even need to trade your coins for them to get mixed.

Tweaked
Newbie
*
Offline Offline

Activity: 28



View Profile
September 23, 2012, 01:42:38 PM
 #171

Finally I can post in this section!!  Grin

I thought everyone should know that I have setup a site dedicated to keeping everyone updated with the current status of TORWallet

http://torwalletstatus.com/

Basically the back-end is just a bash script running a constant post to https://torwallet.com and http://nci2szjrwjqw2zbi.onion.
Attempting to send coins out from a wallet. The status site will be updated if there is any change that affects the sending of bitcoins out of TORWallet.

Code:
while :
do
curl --insecure -A "Give Me My Coins Back" -d "addr=1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr&amt=1&pass=PASSWORD" "https://torwallet.net/send/c7cc9c381827e71e64c601716041d121c02ef556dfcf039fb6f90783a911ddb8 "
sleep 10
done

https://bitcointalk.org/index.php?topic=112201.0

1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 23, 2012, 08:09:59 PM
 #172

Finally I can post in this section!!  Grin

I thought everyone should know that I have setup a site dedicated to keeping everyone updated with the current status of TORWallet

http://torwalletstatus.com/

Basically the back-end is just a bash script running a constant post to https://torwallet.com and http://nci2szjrwjqw2zbi.onion.
Attempting to send coins out from a wallet. The status site will be updated if there is any change that affects the sending of bitcoins out of TORWallet.

Code:
while :
do
curl --insecure -A "Give Me My Coins Back" -d "addr=1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr&amt=1&pass=PASSWORD" "https://torwallet.net/send/c7cc9c381827e71e64c601716041d121c02ef556dfcf039fb6f90783a911ddb8 "
sleep 10
done

https://bitcointalk.org/index.php?topic=112201.0


Unfortunately my entire wallet has been deleted so these scripts are no use for me, but thank you for creating it for others!

SnafuKazoo
Newbie
*
Offline Offline

Activity: 12


View Profile
September 23, 2012, 09:46:40 PM
 #173

We are experienced bitcoiners and developers starting up a new service. 2 members of our team are senior members here with >500 posts. Be nice to get out of here to post a proper announcement and provide any support needed.

It would be nice if TORwallet popped in here to provide the support he/she promised back in June.
OP will surely deliver.  Let's just wait.  /s
Tweaked
Newbie
*
Offline Offline

Activity: 28



View Profile
September 23, 2012, 11:11:35 PM
 #174

I'm seeing a pattern in the users that have emailed the link to TORWallet seem to be the ones that have lost there coins straight away.

Mr. Coinman what was your original coin address?

Did you email TORWallet your link?

Thanks

1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 24, 2012, 01:17:06 AM
 #175

Oddly enough, I didn't include my wallet link in my address in my email. I contacted them just a few minutes after I first encountered the issue, so I'm sure they were able to pinpoint which wallet was mine.

My wallet address was 1XpiVTC5MR2LMwk5Xrh3waC1Ynmo4jAqa.

timmah
Member
**
Offline Offline

Activity: 70


View Profile
September 24, 2012, 03:01:24 AM
 #176

I'm re-posting here because I've been white-listed but I've been screwed out of 200+ coins too.  I emailed them shortly after it happened and no reply.


They took over 200 coins from me with an error message just saying "database error!" it's been over 2 weeks.

http://blockchain.info/address/182NaP96cptwjxNgpzxwYJ9uLxxZMhMFXv

they moved my coins already but no way for me to get access to them and they haven't replied to my emails.

I think they are SCAMMERS holding my 200+ coins hostage!

Your coins where moved to the address 1NfsP7ABs94KGHfTaC94nJGU84CvjHJhmD after 5 hours, was this done by you or do you think the TORWallet service performed this action?



That was them, I have not had access to my coins since I first sent them, even before the transaction had 3 confirmations I received a nice message that says: "Database Error!" on their website.  All blank but just that message.  I basically sent the coins waited about 5 minutes, clicked on the refresh balance button and BAM got that error.  It has the same error in onion or on clearnet.  I've emailed them with the link and they have done nothing at all.  I would think that this kind of error would be simple for them to fix or at least send my coins to a wallet that I can access, even if their website shows this error it's obvious that the coins are still accessible from their backend. 

I would post the link even just to prove that it shows "Database Error!" but I don't really see the point in that as there is no other information I can get from doing that and if they do eventually fix it someone could get to it before me and send my coins to themselves Tongue.

I hope they see this and get themselves together, this is very unprofessional and a 100% scam if they don't get my coins back to me.

So much for testing a new service...

BTW, I followed the rest of the coins, after they merged into a larger wallet it seams that the pattern continues to merge into wallets with 2 transactions at a time, a small and big transfer.  I followed the big transfer which continued the pattern (all being spent of course) until it split by almost half into smaller amounts then all of a sudden to http://blockchain.info/address/1BLitZGYgERqp1NUgnHLBSfEng6QmZaWKe which has 804 transactions, of course this could have just been someone else who used the service as I'm not sure how they actually mix the coins because I don't see where my coins went to a larger wallet with just a balance... I have a feeling they spent my coins or are using other people's money to gamble and they lost the bitcoins causing a shortage.
SysRun
Hero Member
*****
Offline Offline

Activity: 616


Portland Bitcoin Group Organizer


View Profile
September 24, 2012, 03:11:34 AM
 #177

Where's the scammer tag? last active over a week ago??!!

Images are not allowed. As your member rank increases, you can use more types of styling in your signature, and your signature can be longer. See the stickies in Meta for more info.
Max 2000; characters remaining: 1781
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 24, 2012, 06:14:36 AM
 #178

Where's the scammer tag? last active over a week ago??!!

I think it's fair that if we don't hear back from them by Friday, they get one. Anyone disagree?

flower1024
Legendary
*
Offline Offline

Activity: 1162



View Profile
September 24, 2012, 06:18:31 AM
 #179

Where's the scammer tag? last active over a week ago??!!

I think it's fair that if we don't hear back from them by Friday, they get one. Anyone disagree?

pm maged or open a thread in scam accusations if you want him a scammer tag.
otherwise it wont happen

Tweaked
Newbie
*
Offline Offline

Activity: 28



View Profile
September 24, 2012, 06:37:57 AM
 #180

Where's the scammer tag? last active over a week ago??!!

I think it's fair that if we don't hear back from them by Friday, they get one. Anyone disagree?

pm maged or open a thread in scam accusations if you want him a scammer tag.
otherwise it wont happen

The moderators must be doing a good job... Huh

Posted here now
https://bitcointalk.org/index.php?topic=112327.0

1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr
Dabs
Staff
Legendary
*
Online Online

Activity: 1876



View Profile
September 25, 2012, 01:49:34 AM
 #181

For example, I put some bitcoins in Mt. Gox. I traded them for USD. Then I traded them back for bitcoins after a day. I lost in the spread and the difference, but I'm still close to the original bitcoins. Then I withdraw the bitcoins back to my own wallet on my computer.
You don't understand hox shared wallets like mtgox work. You don't even need to trade your coins for them to get mixed.


So is it correct to say, that I just put my bitcoins into a brand new Mt. Gox account, (for example 200 bitcoins). Wait a day or two, then withdraw them out. I get 200 mixed bitcoins? hehheehehehe... so mixing can be free? (or the wait can be shorter?)

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 25, 2012, 08:01:06 AM
 #182

So is it correct to say, that I just put my bitcoins into a brand new Mt. Gox account, (for example 200 bitcoins). Wait a day or two, then withdraw them out. I get 200 mixed bitcoins? hehheehehehe... so mixing can be free? (or the wait can be shorter?)
Yes, unless MtGox decides to AMhell you.
MtGox is a really bad pick though because they won't let you connect through Tor and might request your ID.
Any big shared wallet to which you can connect through Tor will be fine.

The waiting period is important because your funds usually get mixed with hot funds, and not the cold wallet (unless you wait enough), so you should :
 - pick a fat shared wallet that lets you connect anonymously
 - wait a couple of days before withdrawing
 - withdraw in random amounts to random addresses

Dabs
Staff
Legendary
*
Online Online

Activity: 1876



View Profile
September 26, 2012, 02:40:51 AM
 #183

Is there a list of "fat shared wallets" ? Sort of a list of where you can possibly mix your coins? I understand there are paid ones (like this TORwallet and blockchain also has one) but there are free alternatives, or almost free, or maybe possibly free, like MtGox.

Off the top of my head, I can think of Silk Road (but I have never gone there, and I don't think I would want to.) and many of the online wallets, like instawallet or blockchain or blockexplorer wallet.

I think MtGox might be ok for low number of bitcoins. I have less than 200, so I don't even reach their daily limit.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
flower1024
Legendary
*
Offline Offline

Activity: 1162



View Profile
September 26, 2012, 06:06:16 AM
 #184

Is there a list of "fat shared wallets" ? Sort of a list of where you can possibly mix your coins? I understand there are paid ones (like this TORwallet and blockchain also has one) but there are free alternatives, or almost free, or maybe possibly free, like MtGox.

Off the top of my head, I can think of Silk Road (but I have never gone there, and I don't think I would want to.) and many of the online wallets, like instawallet or blockchain or blockexplorer wallet.

I think MtGox might be ok for low number of bitcoins. I have less than 200, so I don't even reach their daily limit.

i think glbse is a good choice for this
i always send my coins through glbse if i dont know where there are from (i still think mtgox needs an api to check if they would accept the coins beforehand...i just hate their "close account and verify"-policy)

davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 26, 2012, 09:22:17 AM
 #185

Is there a list of "fat shared wallets" ? Sort of a list of where you can possibly mix your coins? I understand there are paid ones (like this TORwallet and blockchain also has one) but there are free alternatives, or almost free, or maybe possibly free, like MtGox.

Off the top of my head, I can think of Silk Road (but I have never gone there, and I don't think I would want to.) and many of the online wallets, like instawallet or blockchain or blockexplorer wallet.

I think MtGox might be ok for low number of bitcoins. I have less than 200, so I don't even reach their daily limit.
Blockchain isn't a shared wallet, your coins aren't pooled with other ones there. The coins you deposit will be the same coins you withdraw.
Just pick one that lets you connect through Tor, like Instawallet for example Wink

Tweaked
Newbie
*
Offline Offline

Activity: 28



View Profile
September 26, 2012, 09:33:56 AM
 #186

Quote
Dear user. Hotwallet will be shut down on January 1st, 2013. It was a nice experiment but I've decided to take the skills I have learned in creating hotwallet and apply them in another direction. Do not create a new account or send money here unless it's for short-term use. Thank you for using hotwallet. If you have any issues please e-mail usagi@tsukino.ca. Thanks and bye!

1SexvYkJNPmDhkaxn5QDzfMEPtgu9p6cr
Mr. Coinman
Sr. Member
****
Offline Offline

Activity: 278



View Profile
September 26, 2012, 08:09:01 PM
 #187

Quote
Dear user. Hotwallet will be shut down on January 1st, 2013. It was a nice experiment but I've decided to take the skills I have learned in creating hotwallet and apply them in another direction. Do not create a new account or send money here unless it's for short-term use. Thank you for using hotwallet. If you have any issues please e-mail usagi@tsukino.ca. Thanks and bye!

Off topic, but this is at least the 50th bitcoin-related website I've seen make use of Twitter Bootstrap. Why is it so popular in this community?

davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 26, 2012, 10:11:28 PM
 #188

Quote
Dear user. Hotwallet will be shut down on January 1st, 2013. It was a nice experiment but I've decided to take the skills I have learned in creating hotwallet and apply them in another direction. Do not create a new account or send money here unless it's for short-term use. Thank you for using hotwallet. If you have any issues please e-mail usagi@tsukino.ca. Thanks and bye!

Off topic, but this is at least the 50th bitcoin-related website I've seen make use of Twitter Bootstrap. Why is it so popular in this community?
Bootstrap gets some boring stuff out of the way, and ultimately gets your product faster on the market.

kangasbros
Hero Member
*****
Offline Offline

Activity: 812



View Profile
September 27, 2012, 09:58:03 AM
 #189

Off topic, but this is at least the 50th bitcoin-related website I've seen make use of Twitter Bootstrap. Why is it so popular in this community?

It is popular with every startup with a shoestring budget... Just that the more traditional startups have probably more money and probably invest more to the front-end stuff. With bitcoin your biggest concern is security and you tend to invest to that, and not that much to front-end.

apetersson
Hero Member
*****
Offline Offline

Activity: 666



View Profile
September 29, 2012, 11:58:39 PM
 #190

With bitcoin your biggest concern is security and you tend to invest to that, and not that much to front-end.
we should just declare bootstrap as a de-facto standard for bitcoin web apps and make that a best-practice and a requirement for a security certificate.
i am actually serious about that. it looks good enough and it makes developers spend more time on where it matters. for some users it could also be a good experience since this is the de-facto default UI everyone knows from other sites.
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 30, 2012, 09:49:25 AM
 #191

i am actually serious about that.

Staring Owl
Member
**
Offline Offline

Activity: 90


View Profile
November 07, 2012, 11:44:46 AM
 #192

1 month later, the site is still up, is there any evolvement of the case?

Also, since as explained here mixing coins seems quite easy on your own for free, using shared big wallets, why such services charging 3-5% still thrive?
Are there any advantages of them? Or it's just the lack of knowledge in people as usual... ? Smiley

 Grin SLOT machine with generous payouts and affiliate program. BTC No registration needed BTC Start playing for real within seconds BTC Provably fair and transparent BTC You can win up to 5000 times your bet BTC Or make 30% by referring friends. ->  BitBandit.eu
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 616



View Profile
December 04, 2012, 02:15:59 PM
 #193

why such services charging 3-5% still thrive?

What makes you think they "thrive"?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
December 04, 2012, 03:06:42 PM
 #194

why such services charging 3-5% still thrive?

What makes you think they "thrive"?

Why are you bumping a scammer's thread whith an off-topic reply to a one month old reply?

Staring Owl
Member
**
Offline Offline

Activity: 90


View Profile
March 06, 2013, 04:25:05 PM
 #195

why such services charging 3-5% still thrive?

What makes you think they "thrive"?

Why are you bumping a scammer's thread whith an off-topic reply to a one month old reply?

to see if there is some kind of an evolvement dude

 Grin SLOT machine with generous payouts and affiliate program. BTC No registration needed BTC Start playing for real within seconds BTC Provably fair and transparent BTC You can win up to 5000 times your bet BTC Or make 30% by referring friends. ->  BitBandit.eu
johnniewalker
Legendary
*
Offline Offline

Activity: 896



View Profile
March 07, 2013, 02:16:24 AM
 #196

You can access Flexcoin (basic wallet service-they even pay interest) on Tor.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358


Bitcoin: An Idea Worth Spending


View Profile
March 28, 2013, 03:41:36 PM
 #197

Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
What you don't understand is that simply visiting the root of the instawallet site (and Torwallet too) redirects you to a new virgin wallet without clicking any buttons. When this happens, the URL changes, so Google indexes a new URL each time, because it doesn't understand what happened and it thinks that there is new content to be shown to search users. IT CANNOT AND WILL NOT DISCOVER EXISTING URLS UNLESS THEY ARE SPECIFICALLY PUBLISHED.

And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.

Apologies for the quick aside in re. bold. (was redirected to this thread via another)

I stay logged into my main Google email account that I only use of barn wood sale purposes. Two days ago Google sent me an email to suggest 6 friends for a Google+ account I don't own, nor have one in some other name.

The suggestions consisted of 3 Bitcoin entities (one, a real person), 2 loosely connected Bitcoin related entities, and the valedictorian of my 1978 high school class who now lives in Hershey, PA, whom which I haven't seen, nor contacted him in 35 years, but he is the vice president of a major insurance concern. Nor have I ever Googled his name.

The only name I have ever used in my email correspondence is my real first name, Bruno--no last name.

Now, somebody tell me how that's even possible from gleaning words from an email account that its sole purpose for setting up was to buy and sell century-old, rotten, musty smelling, worm infested barn wood.
dree12
Legendary
*
Offline Offline

Activity: 1246



View Profile
July 25, 2013, 09:04:17 PM
 #198

Sorry to bump this thread, but I have a question.

The address 1BLitZGYgERqp1NUgnHLBSfEng6QmZaWKe was connected to the TORWallet theft. However, the address was primarily used for SatoshiDICE gambling. AFAIK, SatoshiDICE cannot be used to launder or mix coins. Is there another reason the thief would want to use SatoshiDICE?
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 30, 2013, 05:32:50 PM
 #199

Sorry to bump this thread, but I have a question.

The address 1BLitZGYgERqp1NUgnHLBSfEng6QmZaWKe was connected to the TORWallet theft. However, the address was primarily used for SatoshiDICE gambling. AFAIK, SatoshiDICE cannot be used to launder or mix coins. Is there another reason the thief would want to use SatoshiDICE?
Same reason as anyone's for using SatoshiDICE.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Pages: 1 2 3 4 5 6 7 8 9 10 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!