Bitcoin Forum
December 03, 2016, 04:50:45 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 9 10 »  All
  Print  
Author Topic: [ANNOUNCE] TORwallet - anonymous mixing wallet service  (Read 26585 times)
Gladamas
Sr. Member
****
Offline Offline

Activity: 294


Bitcoin today is what the internet was in 1998.


View Profile
June 20, 2012, 07:22:37 PM
 #61


Robots.txt much?

1GLADMZ5tL4HkS6BAWPfJLeZJCDHAd9Fr3 - LQ6Zx8v7fHVBiDX5Lmhbp6oEDB7dUFjANu
GPG 0xF219D5BB3C467E12 - Litecoin Forum
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480740645
Hero Member
*
Offline Offline

Posts: 1480740645

View Profile Personal Message (Offline)

Ignore
1480740645
Reply with quote  #2

1480740645
Report to moderator
1480740645
Hero Member
*
Offline Offline

Posts: 1480740645

View Profile Personal Message (Offline)

Ignore
1480740645
Reply with quote  #2

1480740645
Report to moderator
topikwm
Newbie
*
Offline Offline

Activity: 21


View Profile
June 20, 2012, 07:32:39 PM
 #62

By the link you can find other users' wallets:

https://instawallet.org/w/vXjpEwkofHdLFgpaF-dm-g
https://instawallet.org/w/gZiQKV5qImChThSHtXGnHVVz72RKe1aA
https://instawallet.org/w/UIx9A2qvkJRRLjQqjBvBjY5TzntD955k7Q
https://instawallet.org/w/bfLZ5GP7iC1Y8WsZCEdb6A
...

Google does not index the content, but provides links.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 20, 2012, 07:35:41 PM
 #63


As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.
TORwallet
Jr. Member
*
Offline Offline

Activity: 41


I <3 TOR


View Profile WWW
June 20, 2012, 08:16:25 PM
 #64

We'd like to thank Bitcoin Magazine for reviewing our service. Here are a few comments and responses we had on the article.

Quote from: Bitcoin Magazine
While the idea seems convenient at first glance, the effectiveness of this implementation can be called into question. First of all, the representation of TORwallet as an “anonymous mixing bitcoin wallet” is somewhat misleading. One would expect such a wallet to carry out its mixing functionality automatically and behind the scenes, so that user could be comfortable in the knowledge that the “mixing wallet” is doing the mixing for him, but in TORwallet this is not the case. For mixing to take place at all, the user must activate the feature manually by clicking the “mix coins” button and paying the greater of 3% of the amount mixed or 0.5 bitcoins as a fee, making the “mixing” and “wallet” functionalities essentially completely separate. This particular way of implementing the mixing functionality is highly problematic not only because of usability, but also because it limits functionality; what if a user periodically deposits new coins that need to be exchanged for “clean” coins and does not wish to pay a 3% tax on his entire pool of savings every time he does so?

Our wallet will mix your coins even if you never pay the fee, but you will not know if and when your coins have been mixed. When someone clicks the mix button, it draws on all coins in our service, including those from people who have never clicked it. The button is there for those willing to pay a small fee for the immediate certainty that their coins have been mixed.

If you are periodically depositing coins, simply deposit them to a new wallet and mix them. Move them to your old one if you must, but we suggest using a new wallet regularly for greater anonymity anyway.

Quote from: Bitcoin Magazine
The wallet’s security model, a copy of that used by InstaWallet, is also problematic. The strategy of using the URL as the password is highly problematic, since it means that anyone who gets access to your browser can simply look through your history, open up your wallet and drain it within seconds. Accessing the wallet only through a private browsing mode (which the Tor browser bundle does by default) solves this problem, but also creates the problem of having to find a place to store the URL. To prevent attackers from easily finding it with a simple file directory scan, it would have to be stored encrypted, and at that point what you have is simply a more cumbersome version of a proper username/password authentication framework like that used by secure wallets like Blockchain.

We are considering implementing a function where you can password protect the wallet, so that the URL will become a username rather than password.

We also suggest password protecting your computer and using encrypted LVM, TrueCrypt, or BitLocker to prevent anyone untrusted from accessing your computer and browser. This is a general security recommendation for everyone whether you use our service or not.

Quote from: Bitcoin Magazine
Both of TORwallet’s key functions have superior alternatives as separate entities – Bitcoin Fog as a mixing service, as it takes a smaller fee (randomized 1-3%) and a smaller minimum (1.00 BTC withdraw with no fixed fee component), and Blockchain is a stronger wallet. Furthermore, there is even a service which can be described as a mixing wallet done right: Silk Road. The Tor-based black market auction site employs a secure mixing service intended to be safe enough even for users engaged in illegal activities for all bitcoins passing through the system, and includes the send, receive and storage functionality needed to make a basic wallet work.

Our advantage over Bitcoin Fog and Silk Road is our convenience and speed. You can immediately withdraw your coins at any time without the wait. Both other services delay deposits and withdraws for at least a few hours. We only require 2 confirmations. We suggest withdrawing in multiple transactions to different addresses, however users are free to do as they choose. One use case for our service is people sending coins to and from Silk Road, so that rules them out as an option.

Quote from: Bitcoin Magazine
The last problem is that of trust. As we know from the examples of MyBitcoin and Bitscalper, anonymous services whose only function is storing money cannot be trusted simply because the profit that they would earn from running away with everyone’s coins at any point is sufficiently high compared to the profit that they expect to earn in the future by acting honestly that it often is expedient for them to disappear. Deposit accounts can still be trusted; if the provider provides enough information about who they are and where they can be found, the threat of law enforcement will shift the calculus toward honesty, and even some anonymous services can be trustworthy. In the case of Silk Road, for example, users only need to store change in the service for a few days, and the owners have an effective source of fees, the future expectation of which is sufficient to continually entice them to conduct themselves honorably. TORwallet, however, is intended to be a long-term money storage provider, and has chosen to maintain their anonymity, placing them on par with Bitscalper in terms of the level of trust that they presently deserve.

Our users are free to store coins for any term they like, from minutes to years. At this point, it does not seem like knowing the identity of the service owner or being easily traceable has helped anyone recover bitcoins. Both MyBitcoin and Bitscalper would have been easy to track down by law enforcement, however they are not even willing to get involved with thefts of something not legally recognized as currency. What they are certainly willing to expend resources on is tracking people laundering money for any number of reasons.

We also highly value our reputation. We will be launching several new services in the coming months as they are developed.

Quote from: Bitcoin Magazine
The one feature that TORwallet does have over its alternatives is its direct accessibility through Tor as a hidden service, something which no other online Bitcoin wallet (except Silk Road and its ilk) has available. Aside from that advantage, however, the service has a long way to go in terms of implementing a reliable framework of security and trust. One suggestion would be to switch to a Blockchain wallet security model, where the wallet is stored encrypted and all calculations are done client side, and to seamlessly integrate the mixer into the wallet as a deposit mechanism – the wallet would show a deposit address where users can send their funds to, which automatically triggers a mixing service which sends randomly sourced bitcoins to the wallet that the user controls perhaps less a 1-2% fee. This would solve the trust problem and the security problem while making it much more of a true “mixing wallet” at the same time. Abandoning the Instawallet URL-as-password model for something more secure is another necessity. As it stands, however, there are much better alternatives for the functionality that it provides.

Switching to a Blockchain security model would make our service impossible. We rely on having a pool of coins to mix your coins with, the larger that pool is the more difficult it will be to associate incoming and outgoing transactions. Switching to a blockchain model would require us to buy far more coins than we can afford to in order to increase pool size.

TORwallet - anonymous mixing bitcoin wallet
http://nci2szjrwjqw2zbi.onion/ or http://torwallet.net/
geffaxiv-532
Jr. Member
*
Offline Offline

Activity: 40


View Profile
June 20, 2012, 08:22:19 PM
 #65

Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 20, 2012, 08:32:45 PM
 #66

Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
Where are they going to get a copy? Are you going to give it away? Protect it!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Serith
Sr. Member
****
Offline Offline

Activity: 269


View Profile
June 20, 2012, 11:31:36 PM
 #67

We only require 2 confirmations.
How do you protect yourself from what presumably happend with Mybitcoin? Noticeable portion of Bitcoin Network hash power owned by botnets, therefore it is possible to execute the attack without leaving a trail.
topikwm
Newbie
*
Offline Offline

Activity: 21


View Profile
June 21, 2012, 08:10:20 AM
 #68

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 21, 2012, 08:15:11 AM
 #69

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.

I can also randomly try 1000 different instawallet url-s and publish them on a website, but that doesn't mean any of them are legitimate. Actually, it is a lot more likely you're going to be killed by lightning the second after you read this than it is for any one of those 1000 accounts having any bitcoins on it.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 21, 2012, 02:35:28 PM
 #70

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

topikwm
Newbie
*
Offline Offline

Activity: 21


View Profile
June 22, 2012, 06:59:39 AM
 #71


Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
http://s019.radikal.ru/i612/1206/08/9cf3ba33337e.png

2) read - 1


Have a nice day ебанашка.
Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
June 22, 2012, 07:28:51 AM
 #72

Come on guys, give TorWallet a break, will you?
Google indexing links to Instawallet wallets which people voluntarily published online, for whatever reason they have, has nothing to do with TorWallet.
Are you critizising Instawallet's design? Fine, then don't use it. It is one of the most popular wallets and services in the bitcoin ecosystem nevertheless.

Ente
topikwm
Newbie
*
Offline Offline

Activity: 21


View Profile
June 22, 2012, 08:09:39 AM
 #73

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 22, 2012, 08:31:42 AM
 #74

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
June 22, 2012, 10:29:49 AM
 #75

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?

vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
June 22, 2012, 10:32:38 AM
 #76

Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?
Even if this is so I don't know how that is relevant. E-mails are plain text so sending such url over e-mail is no more secure than publishing it on a website. So basically this still has nothing to do with torwallet's security but with people's stupidity.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 22, 2012, 10:42:45 AM
 #77


Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
{screenshot removed}

2) read - 1


Have a nice day ебанашка.





I meant 19 pages, I find only 17 pages, with 10 links per page it gives 170 wallet URLs, my point still stands.
Google indexes stuff that people publish, it does not do black magic.

Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
June 22, 2012, 10:44:25 AM
 #78

..At least it is true that I couldn't find webpages where the instawallet url would have been written, when google'ing a few of the posted urls..
So I think it may indeed be possible the urls came from somewhere else than posting and indexing.
Form googlemail directly? I can not believe that.. Who in their right mind would do that?

Well, lets try it out, someone with a gmail account mail a fresh instawallet url? If you post the url here afterwards, please skip the last digits or obfuscate it, since google indexes this thread too ;-)

And still: Totally off-topic to torwallet. Maybe let a mod spin off this topic to another thread?

Ente
topikwm
Newbie
*
Offline Offline

Activity: 21


View Profile
June 22, 2012, 12:41:52 PM
 #79

Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 22, 2012, 02:08:32 PM
 #80

Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
What you don't understand is that simply visiting the root of the instawallet site (and Torwallet too) redirects you to a new virgin wallet without clicking any buttons. When this happens, the URL changes, so Google indexes a new URL each time, because it doesn't understand what happened and it thinks that there is new content to be shown to search users. IT CANNOT AND WILL NOT DISCOVER EXISTING URLS UNLESS THEY ARE SPECIFICALLY PUBLISHED.

And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Pages: « 1 2 3 [4] 5 6 7 8 9 10 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!