[ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 36.

DireWolfM14

copper member

Activity: 2184

Merit: 4241

Join the world-leading crypto sportsbook NOW!

Quote from: ChipMixer on July 17, 2021, 08:36:15 PM

We are testing new v3 address. Some of you have received beta test link. Onion v3 will be public soon.

I love it! I played with the new Tor site last night and it worked great. I sent some coins to mix, split chips, combined chips, created a voucher, and withdrew some coins. All features worked fine.
And, now we have Segwit addresses! Woot woot!

Quote from: LoyceV on July 18, 2021, 10:53:09 AM

How about this:

Put chipmixer.com behind Cloudflare, with only a landing page.
The landing page shows a link to Tor browser, .onion URL and a link to a (newly created) clearnet URL without Cloudflare.
The URL without Cloudflare can be for instance nocloudflare.chipmixer.com. If there's no DDOS, it's available. During DDOS, the landing page is still available to point towards the .onion site.
This way, Cloudflare only knows you visited the clearnet landing page.

Those are great suggestions. A simple landing page behind Cloudflare would help protect the clear net site from DDOS attacks would likely resolve a lot of the issues. Even if all it did was prevent the main landing page from going down, that might be enough to prevent most people from clicking on the first link they see in the google search results.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: jackg on July 18, 2021, 11:21:52 AM

How fast do you think we'd spot them changing the onion link on the cf landing page

I don't expect Cloudflare to change the site. If they do, they can close their business.

Quote

We could always have chipmixer.com as the main page and iwantnoprivacy.chipmixer.com as the other.

I like the subdomain name Cheesy

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: LoyceV on July 18, 2021, 10:53:09 AM

Quote from: mocacinno on July 18, 2021, 09:08:27 AM

I personally think that putting chipmixer behind cloudflare wouldn't be good for chipmixer's reputation... However, putting a landing page behind cloudflare might actually work...

How about this:

Put chipmixer.com behind Cloudflare, with only a landing page.
The landing page shows a link to Tor browser, .onion URL and a link to a (newly created) clearnet URL without Cloudflare.
The URL without Cloudflare can be for instance nocloudflare.chipmixer.com. If there's no DDOS, it's available. During DDOS, the landing page is still available to point towards the .onion site.
This way, Cloudflare only knows you visited the clearnet landing page.

How fast do you think we'd spot them changing the onion link on the cf landing page (they could also generate user profiles and do it on a by-user thing) or just taking it down due to it being reported or something though?

Especially if the main page is behind cloudflare...

We could always have chipmixer.com as the main page and iwantnoprivacy.chipmixer.com as the other. Not everyone has a vpn and a I dont think anyone has a browser that isn't paid to add fingerprintable trackers - even on incognito.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: mocacinno on July 18, 2021, 09:08:27 AM

I personally think that putting chipmixer behind cloudflare wouldn't be good for chipmixer's reputation... However, putting a landing page behind cloudflare might actually work...

How about this:

Put chipmixer.com behind Cloudflare, with only a landing page.
The landing page shows a link to Tor browser, .onion URL and a link to a (newly created) clearnet URL without Cloudflare.
The URL without Cloudflare can be for instance nocloudflare.chipmixer.com. If there's no DDOS, it's available. During DDOS, the landing page is still available to point towards the .onion site.
This way, Cloudflare only knows you visited the clearnet landing page.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: ChipMixer on July 17, 2021, 08:36:15 PM

Or we can use it to announce we have moved into Tor permanent. Either way there will be changes and we do not like them.

I agree with the suggestion that the service should start using only TOR, because if privacy is important to us, then we should not make any compromises in that regard. I believe that most users who use CM are very familiar with what TOR provides, and that they will have no problem using it as the only way to access the service.

Quote from: BlackHatCoiner on July 18, 2021, 09:20:19 AM

Can someone give me an article, or explain, why the Tor's website can't be DDoS-ed same like clearnet's is?

Quote from: https://support.torproject.org/abuse/what-about-ddos/

Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination.

But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Can someone give me an article, or explain, why the Tor's website can't be DDoS-ed same like clearnet's is?

mocacinno

legendary

Activity: 3402

Merit: 5004

https://merel.mobi => buy facemasks with BTC/LTC

I personally think that putting chipmixer behind cloudflare wouldn't be good for chipmixer's reputation... However, putting a landing page behind cloudflare might actually work...
I mean, by keeping chipmixer.com online behind cloudflare, you give less opportunity to fake phising sites... But you can't put the actual mixer behind cloudflare... So the "best case" sollution would be to use chipmixer.com as cloudflare-protected anti-DDos portal to educate people on how to visit chipmixer on tor v3.

I'm actually kind of sad to see the current state of DDos'ing... I use my company's laptop 90% of the time, and i'm not allowed to install the tor browser (blacklisted due to company policy). I did beta test using my cellphone, it works great tough... Good job

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: ChipMixer on July 17, 2021, 08:36:15 PM

DDOS is now constant for many days and it will not stop. Google noticed that our service is offline and removed it from their results. If you search for "chipmixer" you will see only phishing links. If you send Bitcoins into their deposit addressess - your money is used to continue DDOS attack.

It looks like that we entered Cyber Attack pandemic like it was announced earlier, and I see constant attacks on everything Bitcoin related, including Chipmixer and Bitcoin.org website.

I think that better strategy is to totally close clearnet version and switch to TOR version or add some other alternative way to access Chipmixer service, maybe directly with some wallet or extension.

Quote from: LoyceV on July 18, 2021, 07:33:25 AM

I've reported two of the phishing sites to Google (again), but based on past experiences I don't expect them to act any time soon. Google offers a great service for phishing sites Sad

I reported phishing websites many times to google and I also didn't saw them react properly and that also applies to their service youtube, not to mention heavy censorship they are doing right now.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: ChipMixer on July 17, 2021, 08:36:15 PM

DDOS is now constant for many days and it will not stop. Google noticed that our service is offline and removed it from their results. If you search for "chipmixer" you will see only phishing links.

I've reported two of the phishing sites to Google (again), but based on past experiences I don't expect them to act any time soon. Google offers a great service for phishing sites Sad

Quote from: theymos on November 29, 2017, 04:07:39 PM

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

Quote from: theymos on November 29, 2017, 07:35:34 PM

Cloudflare is very probably an NSA honeypot

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Quote from: ChipMixer on July 14, 2021, 07:36:56 PM

Chipmixer . com is under DDOS attack and phishing attack. Do not use .com right now. .onion is still safe.
We will provide more details soon.

DDOS is now constant for many days and it will not stop. Google noticed that our service is offline and removed it from their results. If you search for "chipmixer" you will see only phishing links. If you send Bitcoins into their deposit addressess - your money is used to continue DDOS attack.

We can give up and use Cloudflare to protect from DDOS. This will make some of our traffic visible to entity that watches 20% of internet traffic. Or we can use it to announce we have moved into Tor permanent. Either way there will be changes and we do not like them.

Tor access is working normal. We are testing new v3 address. Some of you have received beta test link. Onion v3 will be public soon.

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Chipmixer . com is under DDOS attack and phishing attack. Do not use .com right now. .onion is still safe.
We will provide more details soon.

Incain Titil

newbie

Activity: 3

Merit: 0

Hello. Made payment according to the specified details, but did not receive his keys. There are already more than 6 confirmations, but there are still no keys. I have unsubscribed to support from this e-mail [email protected]. Please check my request

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: BlackHatCoiner on July 13, 2021, 04:48:19 AM

Quote from: ranochigo on July 13, 2021, 04:45:39 AM

The connection is encrypted end-to-end and there is no need for SSL in that case.

Oh, didn't know that. So, is ChipMixer's server essentially the exit node?

It makes them a server pointing to tor.

I'd add onto what ranochingo said because as well as end to end encryption, there's encryption at each hop. Tor used to tell you the number of hops it did (and it used to be 6) each of these would be encrypted and the transit nodes are only able to see the last hop and next hop locations, the encrypted data and nothing else.

The basis of tor imo is Firefox so there's a chance different algorithms might be used.

simple example of encryption
If you can't think of a way this can work, I'd explain it this way:
You transport the number 20, node 2 said their key was 5216 and node one said theirs was 5789 with the end server securely sending the code 562163
You could then transport your 20 in the following steps:
Send the sum of all keys to node 1: 573188
Node 1 subtracts 5789: 567,399
Node 1 sends this new number to node 2
Node 2 then does the same step and gets: 562,183
Node 2 then forwards to the service and the service finally gets: 20

Keys are much more securely sent than this, this is just an easy to explain example.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: BlackHatCoiner on July 13, 2021, 04:48:19 AM

So, is ChipMixer's server essentially the exit node?

No.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: ranochigo on July 13, 2021, 04:45:39 AM

The connection is encrypted end-to-end and there is no need for SSL in that case.

Oh, didn't know that. So, is ChipMixer's server essentially the exit node?

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: BlackHatCoiner on July 13, 2021, 04:22:33 AM

Excuse me from asking, but did ChipMixer operate without SSL certificate in v2 all that time? I hope we all know that more than half of the exit nodes aren't ran in good faith.

v2 onion service, or rather onion service in general doesn't pass through exit nodes it is contained within the onion network. The connection is encrypted end-to-end and there is no need for SSL in that case.

You have to use SSL for the clearnet website if you're running it through Tor though I would argue that just using the onion service is far safer.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Excuse me from asking, but did ChipMixer operate without SSL certificate in v2 all that time? I hope we all know that more than half of the exit nodes aren't ran in good faith.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Quickseller on July 12, 2021, 04:50:38 PM

If I am not mistaken, CF could also see the private key given to the user when the user is ready to withdraw.

Correct. All the more reason not to use them.

Quote from: ranochigo on July 12, 2021, 07:12:00 PM

Forum uses cloudflare as well.

That was announced in the topic I quoted theymos from. Allow me to quote some more:

Quote from: theymos on November 29, 2017, 04:07:39 PM

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: LoyceV on July 12, 2021, 04:45:11 PM

Theymos puts it like this

Forum uses cloudflare as well.

It is in effect an MITM with Cloudflare so of course not a great idea. Most (all?) DDOS protection services requires the packets to be routed to them for scrubbing though. Just use the onion address with Tor and you wouldn't have a problem.

Quickseller

copper member

Activity: 2870

Merit: 2298

Quote from: jackg on July 12, 2021, 03:47:03 PM

Quote from: bitblox on July 12, 2021, 03:32:57 PM

Quote from: ChipMixer on July 08, 2021, 08:00:51 PM

.com is currently under DDOS.

Install cloud flare ??
Seems attack still going really sucks

Installing cloudflare would likely compromise anonymity of anyone who uses them after that (cloud flare would be able to see things like a session token, deposit address and a lot of other information - like the user's individual ip address).

If I am not mistaken, CF could also see the private key given to the user when the user is ready to withdraw.

Probably not a good idea, IMO

Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 36. (Read 92520 times)