I created this account for the sole purpose of posting on the forum for all to view in the future, rather than posting my questions in your support function. I'm apprehensive about a few points and I'd love for you to clarify for me and the rest of us who may be wondering.
Log files are deleted by a cronjob every night and it automatically deletes all logs older than 10 days: "find /var/log/* -mtime +10 -delete"
Backup of database and wallet are taken every hour and put in a TrueCrypt container and copied to another server with redundant disks.
The purpose of a tumbler is privacy and anonymity. How can this be achieved if you are maintaining backups? You state that logs are deleted nightly which sounds good. However, you go on to state that hourly backups are made and stored in an encrypted TrueCrypt container. Now, given that TrueCrypt is obsolete, I hope you are using at least VeraCrypt, and even better, dm-crypt, but it seems that you may be running this on a Windows box based on several statements you've made.
- How is this 'container' copied to another server? FTP?
- Is this secondary server bare-metal and do you have full control over the so-called 'redundant discs'?
- How do you guarantee the purging of the hourly backups that get moved to 'redundant discs'?
- How is the container managed? Are you creating a new container every hour and sending this off, each with a unique key?
- You state that you destroy logs on your primary server, but do you destroy these containers?
- Could you please state officially each item that is in the log that is purged?
Moving along to your tumbler's functionality, I have a few more questions. Several statements are made on your website that are not clear and need additional clarification. The statements and subsequent questions are:
When logged in, under the 'WITHDRAW' tab:
I'd like some clarification on the context of this message. I understand that the tumbler is ready, but I don't understand what you mean to imply by stating that if the user is to withdraw the 'entire' and 'full' amount at one time, the user will receive new coins. This is how I have interpreted this message and it's left me flabbergasted.
- What are 'new coins' in this context?
- Is receiving these 'new coins' solely dependent on withdrawing the entire amount at one time?
Under the same tab, but further down below 'Automatic Withdrawal':
Are these 'four times per day' at the exact same time each and every day, or are these four times randomised between days? I'm concerned that if they are not at randomised times, this could be a vulnerability in your 'QUICK MIX' feature that could lead to fingerprinting.
While NOT logged in and under the 'QUICK MIX' tab:
I scoured this entire thread and all the documentation available on your website, and nowhere is the function of the 'Quick Mix ID' explained anywhere.
- How does the 'Quick Mix ID' function? Does it ensure that I can continue to reuse the 'QUICK MIX' function without ever mixing in with previously mixed in coins?
- Does this ID function track previously tumbled in coins? If so, to what degree?
- Is the 'Quick Mix ID' used only for tracking the tumble function while in-progress and immediately after for support?
And finally just one more question. If a user were to create a single account and use your service over the course of a single year, making 100 deposits and 50 tumble operations to various wallet addresses, how can the user be sure that they will never have the unfortunate issue of receiving one of their previously entered coins from months earlier?
Let's say that the user deposited Coin A in January and Coin B in February, requested a withdrawal for the total value of Coin A and Coin B, received this withdrawal and now has an account balance of 0.0 BTC. Then later Coins C and D are deposited in August and a subsequent withdrawal is made, resulting in a part of the earlier Coin A being tumbled into the mix with Coins C and D.
Have you protected against this?
I am looking forward to viewing a substantial addressing of these points as I believe I'm not the only one curious. Thank you for the wonderful service and continued support.