We'd like to thank Bitcoin Magazine for reviewing our service. Here are a few comments and responses we had on the article.
While the idea seems convenient at first glance, the effectiveness of this implementation can be called into question. First of all, the representation of TORwallet as an “anonymous mixing bitcoin wallet” is somewhat misleading. One would expect such a wallet to carry out its mixing functionality automatically and behind the scenes, so that the user could be comfortable in the knowledge that the “mixing wallet” is doing the mixing for him, but in TORwallet this is not the case. For mixing to take place at all, the user must activate the feature manually by clicking the “mix coins” button and paying the greater of 3% of the amount mixed or 0.5 bitcoins as a fee, making the “mixing” and “wallet” functionalities essentially completely separate. This particular way of implementing the mixing functionality is highly problematic not only because of usability, but also because it limits functionality: what if a user periodically deposits new coins that need to be exchanged for “clean” coins and does not wish to pay a 3% tax on his entire pool of savings every time he does so?
Our wallet will mix your coins even if you never pay the fee, but you will not know if and when your coins have been mixed. When someone clicks the mix button, it draws on all coins in our service, including those from people who have never clicked it. The button is there for those willing to pay a small fee for the immediate certainty that their coins have been mixed.
If you are periodically depositing coins, simply deposit them to a new wallet and mix them. Move them to your old one if you must, but we suggest using a new wallet regularly for greater anonymity anyway.
The wallet’s security model, a copy of that used by InstaWallet, is also problematic. The strategy of using the URL as the password is highly problematic, since it means that anyone who gets access to your browser can simply look through your history, open up your wallet and drain it within seconds. Accessing the wallet only through a private browsing mode (which the Tor browser bundle does by default) solves this problem, but also creates the problem of having to find a place to store the URL. To prevent attackers from easily finding it with a simple file directory scan, it would have to be stored encrypted, and at that point what you have is simply a more cumbersome version of a proper username/password authentication framework like that used by secure wallets like Blockchain.
We are considering implementing a function where you can password protect the wallet, so that the URL will become a username rather than password.
We also suggest password protecting your computer and using encrypted LVM, TrueCrypt, or BitLocker to prevent anyone untrusted from accessing your computer and browser. This is a general security recommendation for everyone whether you use our service or not.
Both of TORwallet’s key functions have superior alternatives as separate entities – Bitcoin Fog as a mixing service, as it takes a smaller fee (randomized 1-3%) and a smaller minimum (1.00 BTC withdrawal with no fixed fee component), and Blockchain as a stronger wallet. Furthermore, there is even a service which can be described as a mixing wallet done right: Silk Road. The Tor-based black market auction site employs a secure mixing service, intended to be safe enough even for users engaged in illegal activities, for all bitcoins passing through the system, and includes the send, receive and storage functionality needed to make a basic wallet work.
Our advantage over Bitcoin Fog and Silk Road is our convenience and speed. You can immediately withdraw your coins at any time without the wait. Both other services delay deposits and withdrawals for at least a few hours. We only require 2 confirmations. We suggest withdrawing in multiple transactions to different addresses; however, users are free to do as they choose. One use case for our service is people sending coins to and from Silk Road, so that rules them out as an option.
The last problem is that of trust. As we know from the examples of MyBitcoin and Bitscalper, anonymous services whose only function is storing money cannot be trusted simply because the profit that they would earn from running away with everyone’s coins at any point is sufficiently high compared to the profit that they expect to earn in the future by acting honestly that it often is expedient for them to disappear. Deposit accounts can still be trusted; if the provider provides enough information about who they are and where they can be found, the threat of law enforcement will shift the calculus toward honesty, and even some anonymous services can be trustworthy. In the case of Silk Road, for example, users only need to store change in the service for a few days, and the owners have an effective source of fees, the future expectation of which is sufficient to continually entice them to conduct themselves honorably. TORwallet, however, is intended to be a long-term money storage provider, and has chosen to maintain their anonymity, placing them on par with Bitscalper in terms of the level of trust that they presently deserve.
Our users are free to store coins for any term they like, from minutes to years. At this point, it does not seem like knowing the identity of the service owner or being easily traceable has helped anyone recover bitcoins. Both MyBitcoin and Bitscalper would have been easy to track down by law enforcement; however, they are not even willing to get involved with thefts of something not legally recognized as currency. What they are certainly willing to expend resources on is tracking people laundering money for any number of reasons.
We also highly value our reputation. We will be launching several new services in the coming months as they are developed.
The one feature that TORwallet does have over its alternatives is its direct accessibility through Tor as a hidden service, something which no other online Bitcoin wallet (except Silk Road and its ilk) has available. Aside from that advantage, however, the service has a long way to go in terms of implementing a reliable framework of security and trust. One suggestion would be to switch to a Blockchain wallet security model, where the wallet is stored encrypted and all calculations are done client side, and to seamlessly integrate the mixer into the wallet as a deposit mechanism – the wallet would show a deposit address to which users can send their funds, which automatically triggers a mixing service that sends randomly sourced bitcoins to the wallet that the user controls, perhaps less a 1-2% fee. This would solve the trust problem and the security problem while making it much more of a true “mixing wallet” at the same time. Abandoning the InstaWallet URL-as-password model for something more secure is another necessity. As it stands, however, there are much better alternatives for the functionality that it provides.
Switching to a Blockchain security model would make our service impossible. We rely on having a pool of coins to mix your coins with; the larger that pool is, the more difficult it will be to associate incoming and outgoing transactions. Switching to a Blockchain model would require us to buy far more coins than we can afford in order to increase pool size.