[ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 118.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Cashback 15%

Quote from: ChipMixer on October 04, 2017, 06:41:23 AM

Quote from: HeRetiK on October 04, 2017, 03:18:32 AM

Cloudflare is basically a legitimized man-in-the-middle attack, ie. while the data gets encrypted between User / Cloudflare and Cloudflare / ChipMixer the data still gets decrypted -- and possibly stored -- on Cloudflare's server.

This is correct.
In case of other mixers using CloudFlare, CloudFlare knows your input address and output addresses. In our case, if we would use CloudFlare, CloudFlare would know input addresses and private keys. CloudFlare is US company so it is reasonable to think that any three letter institution could get an access by court order.

Holy shit I absolutely forgot about the private keys. Those would indeed fall into CloudFlare's hands as well. Not only that, just imagine something like Cloudbleed happening again. That'd be disastrous.

Quote from: mocacinno on October 04, 2017, 08:55:57 AM

[...]

* cloudflare has 2 SSL "modes": flexible and full. For an enduser, it's allmost impossible to tell wether the site he's visiting is using full or flexible SSL mode. If a site is setup with the flexible SSL mode, it is possible for your data to be encrypted between your computer and cloudflare, but unencrypted (over port 80) between cloudflare and the server. So, if everything is setup correctly (full ssl mode), there is no problem, but if the admin was lazy and setup the flexible ssl mode, the user might never know his data is being transferred unencrypted.

[...].

That's why every dev team needs "that paranoid guy" making sure that shit like that doesn't fly Wink

mocacinno

legendary

Activity: 3388

Merit: 4919

https://merel.mobi => buy facemasks with BTC/LTC

Quote from: ChipMixer on October 04, 2017, 06:41:23 AM

Quote from: HeRetiK on October 04, 2017, 03:18:32 AM

Cloudflare is basically a legitimized man-in-the-middle attack, ie. while the data gets encrypted between User / Cloudflare and Cloudflare / ChipMixer the data still gets decrypted -- and possibly stored -- on Cloudflare's server.

This is correct.
In case of other mixers using CloudFlare, CloudFlare knows your input address and output addresses. In our case, if we would use CloudFlare, CloudFlare would know input addresses and private keys. CloudFlare is US company so it is reasonable to think that any three letter institution could get an access by court order.

The reason given by chipmixer in the post above mine ^^ is the main reason why a mixer shouldn't use cloudflare. There are other reasons tough, like there are:
* cloudflare is able to inject any type of content into any page that goes trough their servers
* cloudflare has 2 SSL "modes": flexible and full. For an enduser, it's allmost impossible to tell wether the site he's visiting is using full or flexible SSL mode. If a site is setup with the flexible SSL mode, it is possible for your data to be encrypted between your computer and cloudflare, but unencrypted (over port 80) between cloudflare and the server. So, if everything is setup correctly (full ssl mode), there is no problem, but if the admin was lazy and setup the flexible ssl mode, the user might never know his data is being transferred unencrypted.
* the mixer admin has to sign in to his cloudflare account pretty often, so if he's not carefull with using a VPN all the time, his ip might get logged on an US based company's server
* cloudflare protection is terrible when you try to visit a clearnet url over tor
*...

Don't get me wrong, i love cloudflare, but i don't think it should be used for mixers, banks,...

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Quote from: HeRetiK on October 04, 2017, 03:18:32 AM

Cloudflare is basically a legitimized man-in-the-middle attack, ie. while the data gets encrypted between User / Cloudflare and Cloudflare / ChipMixer the data still gets decrypted -- and possibly stored -- on Cloudflare's server.

This is correct.
In case of other mixers using CloudFlare, CloudFlare knows your input address and output addresses. In our case, if we would use CloudFlare, CloudFlare would know input addresses and private keys. CloudFlare is US company so it is reasonable to think that any three letter institution could get an access by court order.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Cashback 15%

Quote from: LoyceV on October 04, 2017, 03:10:24 AM

Quote from: pnbamania on October 04, 2017, 01:18:18 AM

Ok I am a noob and I don't know much of technical stuff but can't Chip-mixer make a encrypted connection between the client and it's servers so if a third party is involved the data is well encrypted? I don't know if it's even possible lol

Chipmixer uses an encrypted connection.
I'm not sure how Cloudflare works in the details, but I can imagine Cloudflare must some how know who is a legit user, and who is just a DDOS-bot spamming. Until reading it here, I didn't realize that compromises privacy.

Cloudflare is basically a legitimized man-in-the-middle attack, ie. while the data gets encrypted between User / Cloudflare and Cloudflare / ChipMixer the data still gets decrypted -- and possibly stored -- on Cloudflare's server.

As far as i know Cloudflare's DDoS protection isn't even all that effective. Or rather, it works for basic DDoS attacks, but more sophisticated attackers will work around Cloudflare's DDoS protection either way.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: pnbamania on October 04, 2017, 01:18:18 AM

Ok I am a noob and I don't know much of technical stuff but can't Chip-mixer make a encrypted connection between the client and it's servers so if a third party is involved the data is well encrypted? I don't know if it's even possible lol

Chipmixer uses an encrypted connection.
I'm not sure how Cloudflare works in the details, but I can imagine Cloudflare must some how know who is a legit user, and who is just a DDOS-bot spamming. Until reading it here, I didn't realize that compromises privacy.

pnbamania

full member

Activity: 267

Merit: 100

Ok I am a noob and I don't know much of technical stuff but can't Chip-mixer make a encrypted connection between the client and it's servers so if a third party is involved the data is well encrypted? I don't know if it's even possible lol

richardsNY

legendary

Activity: 1232

Merit: 1091

Quote from: BitHodler on September 30, 2017, 01:49:32 PM

An external server basically means that you should consider your information compromised.

That's also the reason this forum doesn't make use of cloud flare, and that while a mixing service has far more priority to offer an ultra form of privacy (as far as possible), and thus skip third party services for better overall accessibility. I have used ChipMixer several times now, and only once did I experience an outage, which lasted like 5 minutes -- it's definitely annoying, but I am willing to take an occasional outage for granted to keep the highest possible form of anonymity.

BitHodler

legendary

Activity: 1526

Merit: 1179

Quote from: audaciousbeing on September 30, 2017, 09:32:47 AM

the same client you trying to protect their privacy wouldn't mind using the competitors service despite the cloudfare thing in existence.

I am a client as well, and I actually do mind it when a mixing service makes use of an external service such as cloudflare. Chances for abuse are extremely small, but people make use of a mixing service for a reason.

If data goes through another machine, there is no way that anyone, or at least ChipMixer itself can guarantee that everything related to your mixing session won't be saved on whatever server for ever.

Noob users likely won't care, but those who are very privacy minded are insanely paranoid when it comes to logs being stored for longer than the promised time frame ~ these are usually the higher volume users.

An external server basically means that you should consider your information compromised.

audaciousbeing

hero member

Activity: 1330

Merit: 569

Quote from: ChipMixer on September 30, 2017, 03:02:59 AM

Quote from: LoyceV on September 28, 2017, 01:52:52 PM

It's most likely another DDOS. It's very cheap to do, and very hard to prevent.

There is a cheap way to prevent it - use CloudFlare (or something similar) like other mixers do.
The problem is that it puts another, non-ChipMixer-controlled machine between ChipMixer and user.
We cannot ensure your privacy this way, so we do not use their service.

Its all good for the explanation and it will be better if there is a notification to that effect on the site when its down for users. I think its because a lot of mixers have gotten into the community and they are trying to gain attention as well and for people who felt its time to discredit ChipMixer for reasons best known to them but little did they forget that the market is big enough for everyone to feature in.

I think you still need to look for something around the cloudfare option and still be able to ensure the privacy of users because when these attack becomes too much, the same client you trying to protect their privacy wouldn't mind using the competitors service despite the cloudfare thing in existence.

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Quote from: LoyceV on September 28, 2017, 01:52:52 PM

It's most likely another DDOS. It's very cheap to do, and very hard to prevent.

There is a cheap way to prevent it - use CloudFlare (or something similar) like other mixers do.
The problem is that it puts another, non-ChipMixer-controlled machine between ChipMixer and user.
We cannot ensure your privacy this way, so we do not use their service.

OROBTC

legendary

Activity: 2912

Merit: 1852

...

In recent days I tried out ChipMixer. Because it works differently than other mixers I have used is was slightly (slightly!) confusing to me as a first time user, but every thing went just fine. I split my BTC into two chips, withdrew one fairly quickly, and took a voucher on the other one.

Later I went back and cashed in the voucher. All OK.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Thirdspace on September 28, 2017, 11:39:53 PM

if I want to deposit from lots ins with big tx size probably not a good idea
unless I want to spend good amount on fee to speed it up before 48 hrs time's up. correct?

You could send all your inputs to one address of your own first. From there, you can send faster without high total fee. Fees aren't so high at the moment, 20 sat/byte should get you a decent confirmation time. If you want less than that for many small inputs, doing it on a Sunday is your best bet.
Recently I've seen transactions under 10 sat/byte get confirmed again too, in just a few hours.
If your deposit somehow takes more than 48 hours to confirm, you can always "reset" the timer and have 48 hours again. Just don't forget to check daily if you need this.

Quote

second, mix & withdraw step, is it possible after splitting into several chips (say 4 chips)
then withdraw 1 chip and deposit (get 3 vouchers) for later use?
and can we also mix these vouchers with next deposit on another session?

Yes, you can do this. Treat vouchers the same way as you treat private keys: make safe backups, don't show them to anyone.

Quote

I think it would be great if you could make a dummy session to let people learn it
sometime people learn faster by doing and example than reading instructions Roll Eyes

thanks...

You can try with a small amount, ChipMixer doesn't ask a high minimum amount to start mixing.

mocacinno

legendary

Activity: 3388

Merit: 4919

https://merel.mobi => buy facemasks with BTC/LTC

Quote from: Thirdspace on September 28, 2017, 11:39:53 PM

--snip
first, if I want to deposit from lots ins with big tx size probably not a good idea
unless I want to spend good amount on fee to speed it up before 48 hrs time's up. correct?
--snip

Yes, but this has nothing to do with the way chipmixer works... It's just bitcoin's protocol. If your transaction size goes up, so does the recommanded fee.
As a matter of fact, you have to realise that if you controll a lot of very small unspent outputs, eventually you're going to have to pay a high fee to spend them. It does not matter if you have to pay the fee while funding a mixer's address, or if you have to pay this fee while paying for a pizza.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

I clicked "start mixing" button just want to see the mixing process
but I haven't actually made deposit and tried it for real yet
first, if I want to deposit from lots ins with big tx size probably not a good idea
unless I want to spend good amount on fee to speed it up before 48 hrs time's up. correct?
second, mix & withdraw step, is it possible after splitting into several chips (say 4 chips)
then withdraw 1 chip and deposit (get 3 vouchers) for later use?
and can we also mix these vouchers with next deposit on another session?

I think it would be great if you could make a dummy session to let people learn it
sometime people learn faster by doing and example than reading instructions Roll Eyes

thanks...

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: warningsigns on September 28, 2017, 01:42:29 PM

Is the site down? I keep getting a "This site can't be reached" error.
If it's down for maintenance, when will you be up and running again? Please let me know. Trying to teach and convince my (skeptical) friend how mixers work.

Quote from: LoyceV on September 28, 2017, 01:52:52 PM

@warningsigns: It's most likely another DDOS. It's very cheap to do, and very hard to prevent.
You can try the Tor-version of the site.

Can confirm... the TOR network .onion site is working perfectly fine in Tor-Browser... the "normal" .com clearnet site just times out Undecided

Seems like ChipMixer is a victim of it's own popularity and success... #hatersGonnaHate

warningsigns

hero member

Activity: 896

Merit: 1082

Quote from: LoyceV on September 28, 2017, 01:52:52 PM

@warningsigns: It's most likely another DDOS. It's very cheap to do, and very hard to prevent.
You can try the Tor-version of the site.

This is really sad. All these sick characters and their perverted acts, wasting other people's time and opportunities. I know it's wrong to say this but there should be mandatory abortion laws for wives of those found to be responsible for these attacks. They should not be allowed to multiply and populate this planet with more of their kind. There. Got it off my chest.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

@warningsigns: It's most likely another DDOS. It's very cheap to do, and very hard to prevent.
You can try the Tor-version of the site.

warningsigns

hero member

Activity: 896

Merit: 1082

Is the site down? I keep getting a "This site can't be reached" error.

If it's down for maintenance, when will you be up and running again? Please let me know. Trying to teach and convince my (skeptical) friend how mixers work.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Thirdspace on September 28, 2017, 12:46:49 AM

what makes this different than "depositing to exchanger and withdrawing back"

The difference: logfiles.
Exchanges keep track of all transactions for eternity, mixers delete all records.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

while looking for a signature campaign, I stumbled on chipmixer campaign
too bad, the campaign is closed for new participant
however I continue reading this Ann and a few last pages, and want to ask
what makes this different than "depositing to exchanger and withdrawing back"
wouldn't it somewhat similar on the ins & outs & trust on the 3rd party?
the process in the middle, between ins & outs, definitely completely different

Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 118. (Read 92462 times)