Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 49. (Read 92699 times)

This doesn't solve anything: if the rogue Tor node change a deposit address, they can also sign a Letter of Guarantee from any address under their control, and display said address as the "official" one.
Just use .onion if you use Tor.

Yeah it's been like that for a while, I just request desktop connection and then it works - didn't think to rotate it...

You could easily avoid this problem by providing a letter of guarantee. A rogue tor node won't be able to sign a message with an address, that is under your control.

Moreover, I believe, the use .onion address by mixing services is a farce, as long as they exist on clearnet. Users can access the clearnet domain from Tor browser. .onion primarily serves two purpose...

1. It mitigates MITM attack - If you provide letter of guarantee, MITM is not possible anymore. Because, except for the original server, no one else do have the ability to sign a message with an address, that is publicly declared on clearnet to be owned by the mixing service.

2. It hides the original server - If you already have a version running on clearnet, your server is just a few clicks away from 3 letter agencies. You can keep your data encrypted though. But having an .onion address does not give users any extra benefit.

The vertical mobile view has some issues showing the captcha and the text needs some re-arrangement.

It's not really an issue since everything is working in horizontal mode but it's a bit annoying. It's the same with Tor browser as well but i can't take a screen shot now

Maybe just add a note that the website is optimized for Landscape viewing

It is not because we are using lets encrypt - any ssl certificate would work the same way in this case.

If you use Tor to contact non-Tor website (anything other than .onion services) - one of 1200 Tor Exit nodes will tell you what ChipMixer.com service said.
If Tor Exit node is honest - it will tell "ChipMixer use encryption and this is data they encrypted for you" - your browser will display green lock icon.
If Tor Exit node is dishonest - it will tell "ChipMixer does not use encryption and this is plain-text data with fake deposit address" - your browser will not display green lock icon.

If you use Tor to contact Tor .onion website - connection is always encrypted and nobody can alter deposit address.

dont use clearnet adresses in TOR generally  it undermines the privacy principle and may trace u easier in some cases.

best regards  

Yes because they're using let's encrypt to generate the certificate so they don't have to kyc with anyone.

But it also means the attacker can do the same and just push connections through to them via a non ssl protocol (http).

So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

ChipMixer deposit address never change for active session. If it changed - you have accessed website without encryption and Tor exit node used their own address instead of ours.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I'm pretty sure I was in the right website , I was just confused why the receiving bitcoin address changed while the session token was just the same. Now I don't have access to the address I used. Hopefully the admin can help me out.

If you have already imported the keys into an Electrum wallet and you want to move the funds to another wallet... just send them in a transaction as you normally would any other transaction.

Although, you might want to consider using the "spend from" option in Electrum, so that you avoid accidentally linking UTXOs back together by including them all as inputs to the same transaction. Also, it would be a go idea to avoid sending all the funds to the same address... as again, that creates a link between them all.

This is effectively the same thing as "sweeping"... all sweeping does is "simplify" the process for you and means you don't need to import any keys. Instead, it will take a private key (or keys) and then create a transaction that sends all available UTXOs controlled by those keys to an address of your choosing. Probably not ideal, as you can only specify ONE destination address when sweeping, and that will relink all the UTXOs back together again (unless you sweep each key individually).

So, your options are:

1. Import ChipMixer keys, then create transaction to send coins to other wallet (new keys)
or
2. Sweep ChipMixer keys directly into other wallet (new keys)
or
3. Do neither and leave the coins on the ChipMixer keys until you need to spend them

Neither importing nor sweeping is any more "private" than the other if you need to move the coins to another one of your wallets... they will both end up creating transactions that take coins from the ChipMixer addresses and send them to your addresses... and in both situations you need to take steps to prevent them all being relinked.

Leaving the coins on the ChipMixer keys until you wish to send them to someone else is probably better for privacy... but security wise is not great because ChipMixer have knowledge of the private keys and you have to trust them not to steal them (or leak the keys). So, in this case, it's a trade-off between privacy and security.


Which option is better for your particular use-case is only really something that you can determine.

It's best to email [email protected] (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website).

Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.

U right ive point this out in an wrong way i dont mean the keys import or sweeping i mean after the import of the keys.

for ex.  when i need it on an other wallet to gather funds,  then should i  sweep or to just send the keys to the other wallet  

just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.

best regards

I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem.

You can view the transaction created in Electrum... "receive" addresses within your wallet will be highlighted green... "change" addresses will be highlighted in yellow. If you see an "output" that is green, it is most likely being recycled back into the original receive address.

This generally happens if you create a wallet in Electrum that only has imported private keys (in the title bar at the top, it should say [imported]), because Electrum cannot generate new private keys/addresses automatically for this type of wallet... it will only ever have the private keys that you have manually imported.

If you have a "standard" wallet... Electrum will generally automatically generate new change addresses as required. However, this wallet type will not let you import private keys, you can only "sweep" them.


You don't sweep imported keys... you either sweep the keys, which sends funds from those address(es) to a new address(es)... or you import the keys and the funds stay on the original key(s)/address(es) until spent...

So, which one are you doing?

Yeah it's not within the scope for a normal user, might have been better to say site settings are normally findable from where you can hit the padlock and hit settings or options to delete data.

If you sweep using electrum with the addresses individually then you'll be sending funds individually. If you just import the private keys to a new wallet, you'll have to get a receive address and click each you're trying to spend in turn, right click and press spend from for each... A new return address should be generated each time you send a new transaction but memorising the last 3 characters for example or even the last one shouldn't hurt too much.

@jackg:


i think thats not really practicable for an normal user to hit f12 to solve an problem.

@jackg:
@hcp:

Not its getting complicated , at least for me and my limited knowledge about how the bitcoin network is working under the surface.

neverthless i'm trying to understand and thanks for guidance.

how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum )

what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ?

best regards

@chipmixer:


Whats the reason to hold the same token after destroy the session.


Ok but if i try to read the faq over tor it doesn't work cause the side elements for expand the Answers seems to embedded with java code.

best regards   


 

I can't reproduce it anymore, so all good.

No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor.

I'm not sure on running a js app from a your own machine either in tor - I thought that was allowed as there are no outward connections.