Bitcoin Forum
December 09, 2016, 09:57:20 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
Author Topic: [ANNOUNCE] TORwallet - anonymous mixing wallet service  (Read 26627 times)
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 13, 2012, 11:51:09 PM
 #121

We are experiencing some issues with our tor server at the moment. Its not responding to its public IP address. There has been some rough weather in the area and a power outage. We believe that the UPS on the server may have ran dead before the power came back. One of us has to physically drive out to where the server is located and check on/reset it. Please give us a couple hours to get this resolved. Do not worry about your funds, we will be back.

Probably not the best idea publishing time and cause of outage on a public forum. You just narrowed down the possible physical locations of your "hidden" server somewhat.

+1. What I was thinking.

Since the moment they posted publicly that they had started running an exit node on the server as disguise and that was why the server was slow so they stopped running the exit node the list of possible IP's was already narrowed down enough. This disclosure was just the last nail on the coffin. lol

1481277440
Hero Member
*
Offline Offline

Posts: 1481277440

View Profile Personal Message (Offline)

Ignore
1481277440
Reply with quote  #2

1481277440
Report to moderator
1481277440
Hero Member
*
Offline Offline

Posts: 1481277440

View Profile Personal Message (Offline)

Ignore
1481277440
Reply with quote  #2

1481277440
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 04:19:57 PM
 #122

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 14, 2012, 05:09:50 PM
 #123

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

The dumb dumb part was saying they were running an exit node and even go as far as giving an aproximate timeframe for when it went live and when it went offline. Only the act of running an exit node could've even helped them with plausible deniability, if they managed to do it right.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 05:50:41 PM
 #124

True, all exit nodes are public.

Running an exit node on a hidden server is dumb dumb.

The dumb dumb part was saying they were running an exit node and even go as far as giving an aproximate timeframe for when it went live and when it went offline. Only the act of running an exit node could've even helped them with plausible deniability, if they managed to do it right.
Not mention the fact that if something nefarious were to exit through it and the partyvan were to show up and find the server by accident :/

I really like the idea of this, but given recent disclosures like this makes wonder if it being ran by the intersango group

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 14, 2012, 05:53:51 PM
 #125

I really like the idea of this, but given recent disclosures like this makes wonder if it being ran by the intersango group
I LOL'd

Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
July 14, 2012, 08:06:36 PM
 #126

Wow, seriously guys, I thought I was paranoid!
I am impressed, keep up the good work!

Ente
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 08:21:15 PM
 #127

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 14, 2012, 08:24:21 PM
 #128

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.
Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.

justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 08:46:52 PM
 #129

Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.
Mixing isn't the problem. If Instawallet keeps records of its users it can map the mixed outputs to the original inputs and provide that information to third parties. Accessing Instawallet through Tor doesn't help with that.

It doesn't matter how trustworthy the operators of Instawallet are, they can be forced to keep those records against their will. https://en.wikipedia.org/wiki/Hushmail

So the only way to have secure mixing is if it's not possible for even the operators of the mixing service to determine which outputs correspond with the original inputs. I don't know if it's possible to do that or not; if I knew any cryptographers I'd ask them.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 14, 2012, 08:59:06 PM
 #130

Use Instawallet through Tor. You can see for yourself using blockexplorer that it gets mixed nicely.
Mixing isn't the problem. If Instawallet keeps records of its users it can map the mixed outputs to the original inputs and provide that information to third parties. Accessing Instawallet through Tor doesn't help with that.

It doesn't matter how trustworthy the operators of Instawallet are, they can be forced to keep those records against their will. https://en.wikipedia.org/wiki/Hushmail

So the only way to have secure mixing is if it's not possible for even the operators of the mixing service to determine which outputs correspond with the original inputs. I don't know if it's possible to do that or not; if I knew any cryptographers I'd ask them.
It's not possible.
But what you can do is repeat the same few steps with different shared wallets or even simpler, just use SR.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 08:59:37 PM
 #131

blockchain.info's new anonymizer service reportedly only keeps records long enough to process the transaction (alough that does not help the Hushmail scenario you mentioned).

And it is open source Smiley

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
July 14, 2012, 09:33:17 PM
 #132

(alough that does not help the Hushmail scenario you mentioned).
What's the point of mixing if it isn't secure against that scenario?

If you don't like including protection from governments in your threat model then just replace court orders with sufficiently-motivated elements of organized crime, or malicious operators.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 14, 2012, 11:01:06 PM
 #133

(alough that does not help the Hushmail scenario you mentioned).
What's the point of mixing if it isn't secure against that scenario?

If you don't like including protection from governments in your threat model then just replace court orders with sufficiently-motivated elements of organized crime, or malicious operators.
I guess that all depends on who you are hiding from.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
July 14, 2012, 11:22:32 PM
 #134

We have at no point ever operated an exit node. We may or may not be operating a relay. Our system keeps no records of deposits or withdraws, only a balance, even if someone gained access to our hidden server there is no way they could link past deposits and withdraws, only ones in the future.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 15, 2012, 12:00:55 AM
 #135

We have at no point ever operated an exit node. We may or may not be operating a relay. Our system keeps no records of deposits or withdraws, only a balance, even if someone gained access to our hidden server there is no way they could link past deposits and withdraws, only ones in the future.

Even if you just ran it as a middle-relay. You admited you ran it and you admited it went down on a specific date with an aproximate hour. That was not a smart thing to do.
Next time your server goes down, keep the reason to yourself. Wink

We just experienced about an hour of down time. We thought it would be a good idea to configure Tor as a relay to increase security, but it used up all the ram on the server and we had to reboot it.

Please do not worry if you had deposits. We are here for the long term.

Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
July 16, 2012, 09:24:44 AM
 #136

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 16, 2012, 01:40:16 PM
 #137

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente

This is not always true... there are ways to take precautions if one so desires.  There is a reason BTC is used on the black market.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
July 16, 2012, 02:06:13 PM
 #138

The way in which the operator of TORwallet has partially compromised his identity confirms for me this entire approach is wrong; it's a mistake to trust a third party to protect your anonymity.  Even when the owners of a mixing service have the best intentions they can make mistakes and if they can be located they can be threatened.

I don't know enough about cryptography to say how (or if) it can be accomplished but mixing coins needs to be done in a way in such a way that it's not necessary to trust the mixing service.

If your security/anonymity needs are that high, Bitcoin may not be the right thing for you. You always leave a trail while aquiring bitcoin. Your IP will always be there at some point (if you don't trust TOR). The closest thing would be mining over TOR or something like this.
In short, Bitcoin is well known to be pseudonymous, so you might instead use a centrally managed system (only one instance to trust) or better yet, some offline commodity (where you trust your partner). No free lunch once you become paranoid enough ;-)

I still say TORWallet comes close to the most trustworthy tumbler, in terms of anonymity (not in terms of "noone runs away with your coins" necessarily though). Which doesnt say you shouldn't cascade several services and tumblers.

Ente

This is not always true... there are ways to take precautions if one so desires.  There is a reason BTC is used on the black market.


I, personally, feel secure enough with my way of handling bitcoin for the things I do with them. Which involves trusting various companies, services, exchanges and so on.
What I tried to say, is, you will quickly find limits in the usefulness of Bitcoin when you don't trust absolutely nobody..
Which, as a mind experiment, I enjoy, but not for (my) real-world applications.
Once you start calculating risks, thus accepting risks, things become much more reasonable. Like trusting the integrity of the TOR network, for example.

Ente
ImJello
Newbie
*
Offline Offline

Activity: 15


View Profile
August 12, 2012, 06:25:35 PM
 #139

Anybody have any idea where Torwallet is? I've been trying to get in contact with them the last couple of weeks.
therustytrombone
Full Member
***
Offline Offline

Activity: 129


View Profile
September 17, 2012, 05:23:10 PM
 #140

It's been over 48 hours and I'm still getting the "Hot wallet exhausted. Please wait while we move coins in from our offline wallet" message.  My e-mail and PM have so far gone unanswered, it's disconcerting to have funds locked up and unavailable.  How long does it usually take to replenish the hot wallet?

Thanks in advance
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!