
Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 49. (Read 92830 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You could easily avoid this problem by providing a letter of guarantee. A rogue Tor node won't be able to sign a message with an address that is under your control.
This doesn't solve anything: if the rogue Tor node changes a deposit address, they can also sign a Letter of Guarantee from any address under their control, and display said address as the "official" one.
Just use .onion if you use Tor.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory

Maybe just add a note that the website is optimized for Landscape viewing.

Yeah it's been like that for a while, I just request desktop connection and then it works - didn't think to rotate it...
jr. member
Activity: 95
Merit: 9
Devil's Advocate
So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
If you use Tor to contact a non-Tor website (anything other than .onion services) - one of 1200 Tor Exit nodes will tell you what the ChipMixer.com service said.
If the Tor Exit node is honest - it will tell you "ChipMixer uses encryption and this is data they encrypted for you" - your browser will display a green lock icon.
If the Tor Exit node is dishonest - it will tell you "ChipMixer does not use encryption and this is plain-text data with a fake deposit address" - your browser will not display a green lock icon.

If you use Tor to contact a Tor .onion website - the connection is always encrypted and nobody can alter the deposit address.
You could easily avoid this problem by providing a letter of guarantee. A rogue Tor node won't be able to sign a message with an address that is under your control.

Moreover, I believe the use of .onion addresses by mixing services is a farce, as long as they exist on clearnet. Users can access the clearnet domain from Tor Browser. .onion primarily serves two purposes...

1. It mitigates MITM attacks - If you provide a letter of guarantee, MITM is not possible anymore, because, except for the original server, no one else has the ability to sign a message with an address that is publicly declared on clearnet to be owned by the mixing service.

2. It hides the original server - If you already have a version running on clearnet, your server is just a few clicks away from 3-letter agencies. You can keep your data encrypted though. But having an .onion address does not give users any extra benefit.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
The vertical mobile view has some issues showing the captcha and the text needs some re-arrangement.

It's not really an issue since everything is working in horizontal mode but it's a bit annoying. It's the same with Tor Browser as well but I can't take a screenshot now.

Maybe just add a note that the website is optimized for Landscape viewing.
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
Yes because they're using Let's Encrypt to generate the certificate so they don't have to KYC with anyone.
It is not because we are using Let's Encrypt - any SSL certificate would work the same way in this case.

So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
If you use Tor to contact a non-Tor website (anything other than .onion services) - one of 1200 Tor Exit nodes will tell you what the ChipMixer.com service said.
If the Tor Exit node is honest - it will tell you "ChipMixer uses encryption and this is data they encrypted for you" - your browser will display a green lock icon.
If the Tor Exit node is dishonest - it will tell you "ChipMixer does not use encryption and this is plain-text data with a fake deposit address" - your browser will not display a green lock icon.

If you use Tor to contact a Tor .onion website - the connection is always encrypted and nobody can alter the deposit address.
member
Activity: 138
Merit: 20
Quote
So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

Don't use clearnet addresses in Tor generally; it undermines the privacy principle and may trace you easier in some cases.

best regards  
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory


So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

Yes because they're using Let's Encrypt to generate the certificate so they don't have to KYC with anyone.

But it also means the attacker can do the same and just push connections through to them via a non-SSL protocol (HTTP).
newbie
Activity: 3
Merit: 0
Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I need help regarding my session. I was using Tor then connected to chipmixer.com. I saved my session token, after that I closed the Tor Browser and opened it again, I pasted my session token and the BTC address had already changed. I need help recovering my old BTC address as my funds are sent to that address. I've been using ChipMixer for like 2 years already and it's my first time encountering this problem.
ChipMixer deposit address never changes for an active session. If it changed - you have accessed the website without encryption and a Tor exit node used their own address instead of ours.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/


So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I need help regarding my session. I was using Tor then connected to chipmixer.com. I saved my session token, after that I closed the Tor Browser and opened it again, I pasted my session token and the BTC address had already changed. I need help recovering my old BTC address as my funds are sent to that address. I've been using ChipMixer for like 2 years already and it's my first time encountering this problem.
ChipMixer deposit address never changes for an active session. If it changed - you have accessed the website without encryption and a Tor exit node used their own address instead of ours.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/
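
Added example (not part of any post in this thread, and not ChipMixer's code): a client-side check built on the two statements above, that only HTTPS or a .onion connection keeps an exit node from rewriting the page, and that the deposit address never changes for an active session. It assumes `url` is the final URL the browser actually loaded; the class, the finding names, the token and the addresses are hypothetical placeholders.

```python
from urllib.parse import urlsplit


def transport_is_protected(url):
    """True when a Tor exit node cannot rewrite the page in transit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(".onion"):
        # Onion services are encrypted and authenticated by Tor itself,
        # so plain http:// to a .onion host never crosses an exit node.
        return parts.scheme in ("http", "https")
    return parts.scheme == "https"


class DepositAddressPin:
    """Pins the first deposit address seen for each session token."""

    def __init__(self):
        self._pinned = {}

    def check(self, url, session_token, deposit_address):
        """Return a list of findings; an empty list means nothing suspicious."""
        findings = []
        protected = transport_is_protected(url)
        if not protected:
            findings.append("plaintext-clearnet")
        pinned = self._pinned.get(session_token)
        if pinned is None:
            if protected:
                self._pinned[session_token] = deposit_address
            else:
                # Never pin an address that arrived over a rewritable channel.
                findings.append("not-pinned")
        elif pinned != deposit_address:
            findings.append("address-changed")
        return findings

    def forget(self, session_token):
        """Call after deliberately destroying a session (new address expected)."""
        self._pinned.pop(session_token, None)


def demo():
    # Constructed sample data: token and addresses are placeholders.
    pin = DepositAddressPin()
    return [
        pin.check("https://chipmixer.com/", "TOKEN-A", "ADDR-1"),
        pin.check("http://chipmixer.com/", "TOKEN-A", "ADDR-2"),
        pin.check("http://chipmixerwzxtzbw.onion/", "TOKEN-A", "ADDR-1"),
    ]
```

The second call in `demo()` is the case reported in this thread: same token, plain HTTP on the clearnet domain, different address.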
newbie
Activity: 3
Merit: 0
I need help regarding my session.
It's best to email [email protected] (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website).

For example, when I need it on another wallet to gather funds, should I sweep or just send the keys to the other wallet?

Just the option which gains more privacy, preferentially in relation to funded coins which come from ChipMixer.
Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.


I'm pretty sure I was on the right website, I was just confused why the receiving bitcoin address changed while the session token was just the same. Now I don't have access to the address I used. Hopefully the admin can help me out.
HCP
legendary
Activity: 2086
Merit: 4361
You're right, I've pointed this out in a wrong way. I don't mean the key import or sweeping, I mean after the import of the keys.

For example, when I need it on another wallet to gather funds, should I sweep or just send the keys to the other wallet?
Just the option which gains more privacy, preferentially in relation to funded coins which come from ChipMixer.
If you have already imported the keys into an Electrum wallet and you want to move the funds to another wallet... just send them in a transaction as you normally would any other transaction.

Although, you might want to consider using the "spend from" option in Electrum, so that you avoid accidentally linking UTXOs back together by including them all as inputs to the same transaction. Also, it would be a good idea to avoid sending all the funds to the same address... as again, that creates a link between them all.

This is effectively the same thing as "sweeping"... all sweeping does is "simplify" the process for you and means you don't need to import any keys. Instead, it will take a private key (or keys) and then create a transaction that sends all available UTXOs controlled by those keys to an address of your choosing. Probably not ideal, as you can only specify ONE destination address when sweeping, and that will relink all the UTXOs back together again (unless you sweep each key individually).

So, your options are:

1. Import ChipMixer keys, then create transaction to send coins to other wallet (new keys)
or
2. Sweep ChipMixer keys directly into other wallet (new keys)
or
3. Do neither and leave the coins on the ChipMixer keys until you need to spend them

Neither importing nor sweeping is any more "private" than the other if you need to move the coins to another one of your wallets... they will both end up creating transactions that take coins from the ChipMixer addresses and send them to your addresses... and in both situations you need to take steps to prevent them all being relinked.

Leaving the coins on the ChipMixer keys until you wish to send them to someone else is probably better for privacy... but security wise is not great because ChipMixer have knowledge of the private keys and you have to trust them not to steal them (or leak the keys). So, in this case, it's a trade-off between privacy and security.


Which option is better for your particular use-case is only really something that you can determine.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I need help regarding my session.
It's best to email [email protected] (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website).

For example, when I need it on another wallet to gather funds, should I sweep or just send the keys to the other wallet?

Just the option which gains more privacy, preferentially in relation to funded coins which come from ChipMixer.
Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.
member
Activity: 138
Merit: 20
Quote
So, which one are you doing?

You're right, I've pointed this out in a wrong way. I don't mean the key import or sweeping, I mean after the import of the keys.

For example, when I need it on another wallet to gather funds, should I sweep or just send the keys to the other wallet?

Just the option which gains more privacy, preferentially in relation to funded coins which come from ChipMixer.

best regards

newbie
Activity: 3
Merit: 0
Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/




I need help regarding my session. I was using Tor then connected to chipmixer.com. I saved my session token, after that I closed the Tor Browser and opened it again, I pasted my session token and the BTC address had already changed. I need help recovering my old BTC address as my funds are sent to that address. I've been using ChipMixer for like 2 years already and it's my first time encountering this problem.
HCP
legendary
Activity: 2086
Merit: 4361
How could I figure this out, if I get a "new" change address or an old one? (I use Electrum)
You can view the transaction created in Electrum... "receive" addresses within your wallet will be highlighted green... "change" addresses will be highlighted in yellow. If you see an "output" that is green, it is most likely being recycled back into the original receive address.

This generally happens if you create a wallet in Electrum that only has imported private keys (in the title bar at the top, it should say [imported]), because Electrum cannot generate new private keys/addresses automatically for this type of wallet... it will only ever have the private keys that you have manually imported.

If you have a "standard" wallet... Electrum will generally automatically generate new change addresses as required. However, this wallet type will not let you import private keys, you can only "sweep" them.


Quote
What if I'm not sweeping my imported keys but just sending to my general wallet? Does it hold my privacy level in any way instead of sweeping?
You don't sweep imported keys... you either sweep the keys, which sends funds from those address(es) to a new address(es)... or you import the keys and the funds stay on the original key(s)/address(es) until spent...

So, which one are you doing?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory

@jackg:

Quote
No I was talking about the console you get by hitting F12 in most browsers, isn't that still available in Tor?

I think that's not really practicable for a normal user to hit F12 to solve a problem.

@jackg:
@hcp:

Now it's getting complicated, at least for me and my limited knowledge about how the bitcoin network is working under the surface.

Nevertheless I'm trying to understand and thanks for guidance.

How could I figure this out, if I get a "new" change address or an old one? (I use Electrum)

What if I'm not sweeping my imported keys but just sending to my general wallet? Does it hold my privacy level in any way instead of sweeping?

best regards



Yeah it's not within the scope for a normal user, might have been better to say site settings are normally findable from where you can hit the padlock and hit settings or options to delete data.

If you sweep using electrum with the addresses individually then you'll be sending funds individually. If you just import the private keys to a new wallet, you'll have to get a receive address and click each you're trying to spend in turn, right click and press spend from for each... A new return address should be generated each time you send a new transaction but memorising the last 3 characters for example or even the last one shouldn't hurt too much.
member
Activity: 138
Merit: 20

@jackg:

Quote
No I was talking about the console you get by hitting F12 in most browsers, isn't that still available in Tor?

I think that's not really practicable for a normal user to hit F12 to solve a problem.

@jackg:
@hcp:

Now it's getting complicated, at least for me and my limited knowledge about how the bitcoin network is working under the surface.

Nevertheless I'm trying to understand and thanks for guidance.

How could I figure this out, if I get a "new" change address or an old one? (I use Electrum)

What if I'm not sweeping my imported keys but just sending to my general wallet? Does it hold my privacy level in any way instead of sweeping?

best regards

member
Activity: 138
Merit: 20
@chipmixer:

Quote
You will get new session with same token

What's the reason to hold the same token after destroying the session?

Quote
It does not require Javascript or user action

OK, but if I try to read the FAQ over Tor it doesn't work because the side elements for expanding the answers seem to be embedded with Java code.

best regards   


 
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If I Destroy my session, then restore that session in another browser, I get the same deposit address. Is that the intended behaviour?
If you destroy the session (at step 4 you confirm you want to destroy it) - it is impossible to get same deposit address when you restore session with session token. You will get new session with same token but different deposit address and no history. If that is not true - please send us more info by email.
I can't reproduce it anymore, so all good.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory

@jackg:

I think the Tor Browser blocks all Java (that's also the reason that the FAQ site doesn't work properly anymore).

Maybe just a design for the FAQ site without folded-out parts is a better privacy-oriented option.

No I was talking about the console you get by hitting F12 in most browsers, isn't that still available in Tor?

I'm not sure on running a JS app from your own machine either in Tor - I thought that was allowed as there are no outward connections.