Topic: [ANN] Whirlwind.money | ⚡No Fee⚡ | Ultimate Privacy | Anonymity Mining 12% APR🔥 - page 31. (Read 12718 times)

Well that doesen't fit the bill for what we'd call an 'actual reason'. Shitcoin platforms are trying to lure investors in for the sole reason of earning yield or making huge returns, there is no reason why they'd need Bitcoin from users in the first place to 'keep the platform safu'. It should be safu with or without customers funds since those are exactly that.. customer funds.

We on the other hand need volume at the beginning in order to offer better privacy. If any of the previous explanations were not clear enough or you feel like something doesen't make sense please let us know and we will explain again.

This campaign will run for a fixed time until we get to a certain number of deposits (Anonymity Set) or total BTC volume that went through the platform. Assuming we will go ahead we expect this to last between 1 to 3 months, so our costs will be somewhere between 2 and 6 BTC. Whatever the final amount will be we believe this is a very small price to pay for what we will get in return. After we reach our Anonymity Set goal Whirlwind will undeniably offer the best privacy you can get on Bitcoin, and by default that will translate into more customers.

Why would we try to make a profit now when we know for a fact that our service is missing something and customers with 10BTC+ cannot use the platform efficiently (meaning withdraw everything at once immediately without being a privacy risk). Doesen't it make more sense to invest a bit more now and take the lead for good while we basically have no competition? Even if our competitors realize they need to make changes and switch to the same model afterwards they would be too far behind to ever compare to the privacy we're offering.

We afford to pay these rewards and the signature campaign for many months before we need to worry about turning a profit so this is not a concern at the moment. It also seems that everyone who's using the service donates a pretty good amount so this gives us reasons to believe that once we achieve our Anonymity Set goal this will turn into a very profitable business.

Our only concern right now is reaching that level. If we are able to do that then Whirlwind will definitely be a big success, if we don't it will most probably be a fail. This is a risk we knew and accepted when we started developing the platform on this model.

Just about any shitcoin platform that was offering to exchange Bitcoin for their new ''revolutionary'' token that earn with staking, or yield earning platforms with high percentage interest rate that later shut down in 2022.... they all asked Bitcoin to keep it ''safu''.
Nobody is saying you are trying to do the same thing like them, but it makes me wonder how are you going to sustain paying 10% rewards to everyone with notes and still make any profit for yourself.
I am not saying it won't attract some attention, but it can end up very bad for everyone with one small mistake, so again we should trust you and hope nothing bad will happen.
My question is, are you sure you will be able to sustain paying 10% rewards and how?

You start the message with 0 doubts saying "No" but then you proceed to show that by mistake or intentionally you misunderstood parts of our previous message and even presented your personal assumptions as facts, even though that seems highly unlikely for such a security conscious person as you seem to be so after this message if you are still not convinced we can agree to disagree on this subject. We will never reveal all information about how everything works or anything that could be used against us, but what we've said until now is already more than enough to use as valid arguments for your concerns.

1.We never said we are only using VPN/Tor/Datacenter IPs
2.We never said the servers we're using for the checks are in a 'far away' location, nor did we say that they are in one place.
3.We are not underestimating the control that Cloudflare has, but what Cloudflare thinks or estimates is simply not enough in this case no matter how many statistics they can collect. in order for any MITM attack to be succesful they need to be right in 100% of cases.
4.There are multiples of times more requests made by us than from real users so statistically speaking their chance to be successful for even a day is incredibly small, let alone for a long period of time.


1.An 'estimate' is still not enough. They need to be right in 100% of cases to perform a large scale attack
2.Remote access makes no difference
3.We mentioned we are using various fingerprints for the checks
4.We already said Cloudflare is a temporary solution implemented for a very short period of time until we gain more popularity, 'an eternal battle' doesen't seem accurately worded

We already mentioned that the only way to be 100% sure that nothing is being tampered with is to release a CLI or GUI open source app, with the backend's public key directly patched into the code. This way, we would be sure the data cannot be tampered with, since it is downloaded from a safe source.

There is only one problem with this approach, Clearnet is mostly used by people who don't download Tor browser, so they probably won't download our app or use the CLI either.

By your logic, which we agree with to a certain point, all clearnet services are insecure no matter if they use Cloudflare or not. If you host the server somewhere then it could be wiretapped/spied on by the provider etc. and in that case there really is no way to know, that is also a more likely scenario to happen IMO than Cloudflare successfully breaking our security unnoticed. You also can't host it yourself since it's exposed, so really there is no way to be 100% sure that a clearnet website is secure, that's why we always highly recommend using Tor.

TLDR: A large scale attack is not possible in the way you described. Targeted attacks? Possible in certain edge cases as previously acknowledged, but still highly improbable to happen if the user in question does basic things like change his IP and use a fresh Private window. Other types of attacks? Anything is possible with a clearnet service regardless of what security measures you take and that is not a problem we're trying to solve as it has nothing to do with our service.

This I don't know and I think is impossible to know for now. This is a "social" question/"question of trust" rather than a technical one. I think it is impossible to know the answer before either the copyright supporters fight against us much more openly than now, or something really revolutionary or disastrous causes them to lose power. Most terrible activities of the authoritarian regimes of the past typically became known only after the regimes have fallen.

Technically, that's possible. But how likely is this?

I've never read about such a case. That doesn't mean it's not possible, but it makes me think it's not very likely either.

No. This way, an obvious next move for cloudfare is to spoof your website for all requests from IPs that are far away from your server's one and from what cloudfare thinks is probably not remotely accessible (no vpn server, no tor node, no datacenter - they control a huge part of the internet traffic, it's easy for them to collect this kind of statistics). Or they can add one more condition for contents alteration: they alter the contents only if their estimate of the user's computer knowledge is low. Then even verification of your webiste by someone living far away (but without remote access to their computer) will not help. Once you start to collaborate with cloudfare, this will be an eternal battle of shield and spear at best.

If they alter a particular http(s) request so that it looks "correct at a first glance", this will be really hard to detect, and I don't know such cases. But when you open a typical webpage, your browser makes a lot of individual http(s) requests. And what cloudfare is really doing all the time is that they randomly ban a small percentage of these requests (you can see this in firefox's "web developer -> network"), essentially cracking out small pieces of the pages, breaking and altering websites' behavior for the users, sometimes to the extent complete loss of usability.

(Technically speaking, when they show their "standard ban page" instead of the whole website, they also modify the http(s) response conents, but I think you were asking about something not so obvious.)

For me, this sounds like a really outdated idea, unfortunately. Most of the present-day internet is controlled by a very small number of very user-unfriendly companies like cloudfare, google, facebook, etc. It would not be a problem for them to censor out such an outcry. Even if they don't stop the spread of information entirely, it's not a problem for them to limit it to just a small number of sparse complaints at random forums.

I trust in @minerjones, but adding several users will be better, meaning that escrow address will be a multi-sign address, 3 out of 5 will be perfect or any other model.
Also, the distribution of escrow to include Bitcoin/DAI will be good with the amount of 50k USD or 60k USD.

Confirming there are still 40k+ DAI in escrow
And I was not aware of the 7-day release rule, but will enforce this when asked for the funds return

I know Cloudflare can change the site's content, but I'm genuinely curious - does anyone know of an instance of them doing such a thing? I'm sure they watch user transactions on various sites, but I do wonder if they've actually ever modified a site against the owner's consent. They're a public company, so I would think that it'd be possible to find some info on whether or not they've done such a thing. I'm leaning towards thinking that they probably never have modified a site because it'd cause such an outcry if they did, and they'd lose thousands or even millions of customers. Any insight from anyone?

Thank you for bringing this up. We intentionally omitted to include very important details in the initial explanation but considering your concerns this needs to be addressed now.

Firstly we want to confirm everything you said is completely true.

We are fully aware this is not a perfect solution, and we are not underestimating the power Cloudflare has with such a MITM attack. Using the onion link is the most private way to use the service, but we tried to make the service as safe as possible to use on the clearnet version as well and we believe our implementation is as close to perfection as you can get in this situation.

With the current design, if Cloudflare doesn't implement any active MITM attacks, all old data which went through Cloudflare will not have been compromised if they weren't running the attack.

With the clearnet frontend, it is basically impossible to 100% guarantee the frontend code is not tampered with, only if we would provide a script with which a user can verify the checksum of the build. Obviously, this cannot happen automatically since Cloudflare can just remove or edit the code snippet.

Another possible solution is to release a CLI or GUI open source app, with the backend's public key directly patched into the code. This way, we would be sure the data cannot be tampered with, since it is downloaded from a safe source. We also thought about having a safe server without Cloudflare where the frontend would just fetch the public key from, but this can be DDoSed, and Cloudflare could again patch the frontend code replacing the server address.

In the short term, we believe this was the best way to get the clearnet service running with as much privacy as possible,  and after the service gains more popularity we will definitely switch back to our proprietary solution. We were ddos attacked with a lot of firepower so in order to contain that we would need to spend a lot on severs for load balancing and that just doesen't make much economic sense, that money is better spent elsewhere at the moment especially considering that we just started and we have a system in place to detect if Cloudflare interferes in any way.

We implemented an automatic verification script that runs "honeypots" which access the clearnet version from different IPs and various request fingerprints and automatically check everything is ok. If one server sees the frontend is tampered with it will alert us and automatically shut down the clearnet version. This way, the only possible way for such an attack to happen would be for Cloudflare to target a specific IP. Since users know for a fact their IP is logged by Cloudflare by default this shouldn't be an issue.

This should answer most questions you could have in this regard but if there is anything else don't hesitate to ask.

It seems to me that you underestimate the ability of MITM attacks on your traffic. When cloudfare MITMs your traffic, they can do anything with it. I mean, really, really anything. Generally speaking, nothing prevents them from MITMing your "second layer of encryption as well as the first one" and sending a fake public key for your ECC to the user. They can also remove the ECC encryption entirely. Theoretically, after that they can even send a fake bitcoin address to the user and seize the BTC the user was going to mix (although in reality, I doubt they are ready to act so openly yet).

With your current design, the easiest technological solution for cloudfare is to access your on-premises server via tor after they receive a HTTPS request to their "ddos-protection" MITM server. Nobody will notice anything. The clearnet user will just see a bitcoin address and send BTC there, and you will see in your server logs that someone accessed your server "via TOR". Nobody will notice anything before the user suddenly gets arrested a few years later.

Not unless we'd build a proprietary system to screen incoming transactions and check that the coins are not originating from our multi-sig. We tried to find an alternative to avoid abuse without having to build this system but there is no other way and implementing something like this doesn't seem like a good idea at all. Censorship of any sort is out of question even if it's for a good reason like in this case.

We knew our proposal would cause some backlash, and for good reason. As LoyceV mentioned in a previous message if we were planning an exit-scam, this is how it would look like and there is no way for you to know if this is the case or not, nor do we have any way of proving that this is not our intention.

On the other hand as explained in the previous messages Whirlwind needs a strong Anonymity Set in order to function correctly for any amount, and not getting to that point introduces risks for our users as well as for our reputation. In this case from our point of view we are left with the following choices:

-Go ahead with the campaign and risk backlash, but on the bright side if it works we will become by far the best privacy tool that ever existed for Bitcoin. Technically speaking it already is, but in order for this to translate into the real life we need the numbers to back it up.

-Don't go ahead with the campaign to avoid backlash and raising red flags, but be prepared to deal with the fallout in case the Anonymity Set doesn't increase and certain users are deanonymized. We believe if this happens there is a pretty high chance that it would lead Whirlwind to failure, we use a novel mechanism that users don't completely understand and if we start on the wrong foot it's going to be even harder to come back and gain their trust back.

This would also give our competitors reasons to attack our model and for a normal user that doesen't understand how everything works it would seem like they are right, for example:
*a competitor* deposits 20BTC into our 10BTC multi-sig, withdraws it all at once and then proceeds to blast us saying 'look, your solution is useless. it's almost sure where the 20BTC came from'
our response: yeah but you know.. our system needs a strong anonymity set to work well and you will be able to do this in the future but for now we didn't see that much usage yet
competitors response: yeah but why would anyone use you compared to us? send 20BTC to our solution and see what happens

Even though the 20BTC 'mixed' through our competitors could most likely be traced back to their originating address too, it's not as obvious as in our case for a normal user to do because we have the public multi-sig as opposed to just sending other people's coins.

My point here is that it doesen't matter that our system offers exponentially better privacy once we get to a certain Anonymity set figure if we never get to that level.

So do we really have anything to lose if we go ahead with the anonymity campaign? Maybe, maybe not. There may be even more backlash than until now and some may be turned away from our solution for good because they won't trust us at all anymore, but not going ahead may cause way greater issues because of which it's going to be pretty much impossible to recover.

We already took a big risk implementing something new and for some reason we expected to see much more organic usage (this is the reason why we didn't start with the anonymity campaign from the beginning), but seeing that doesn't happen, or at least not as fast as it needs to, we are forced to explore other options and take other risks in order to achieve it. One way or another the Anonymity Set needs to grow to at least a few thousand deposits, otherwise this was all in vain.

Would there be anything to prevent someone abusing this by just constantly depositing and withdrawing the same coins over and over?

OK, thinking twice about it, your argument is valid and the solution appropriate. I see it differently now and I would even say that the sooner the better. It's just that's it's something we're not used to see in the industry.

(I look forward to your comparison, it would be a good read)



It makes no difference to me but there are people with a different opinion than me of course, so why not ...

We haven't explored any marketing channel other than Bitcointalk and the reason for that is we do not want to associate our service with illegal activity. We could easily go down that route and it would certainly be much easier to attract deposits and grow the Anonymity Set, but it'd render all our efforts to stay compliant useless. As we said since the beginning we intend to do everything in our power to operate Whirlwind in a way that doesen't give anyone specific reasons to attack us, all without compromising our users privacy even in the slightest bit. All the security precautions we took would be rendered useless too if our service ever gets sanctioned for any reason, and the service would become unusable. Sure, funds won't be lost thanks to our architecture but all our work would still be gone and together with it the only true privacy solution available on Bitcoin.

It might sound like we're continuously ranting about the way our competitors are doing things for no real reason, but you'll know why after we publish our comparison. It's important to mention that as soon as they fix the issues outlined by us and many others we will give them credit for doing so, but if they had any intention of doing so Whirlwind wouldn't exist in the first place. We noticed a clear gap in the market (before CM downfall) and that's why we decided to present our own solution. It remains to be seen if the public appreciates it or not and may the best service win in the end. We'd obviously wish to be that service but even if it doesen't happen it's fine as long as competitors step up their game and offer real privacy.

Anything over 2-3000 deposits should be decent enough for most amounts, but IMO 10,000 deposits is what we should aim for.

People will definitely recognize Whirlwind as a privacy tool and not a staking platform, even if this campaign goes ahead it would only happen for a very limited amount of time before the service becomes popular.

I'm glad you brought up "Time" and essentially asked us why don't we just wait for the Anonymity Set to grow naturally. There is a good reason for that, allow me to explain:

Imagine the following situation: The Anonymity Set is 291 and there are 10BTC currently in the multi-sig. If you want to deposit any amount over 5BTC from Address A and withdraw it immediately to Address B it would be pretty easy to assume where your output originated from, so essentially you cannot use the service in this case. Our personal BTC reserve size makes no difference in this case since we cannot add it all at once, it needs to be added slowly blended between other users deposits so it counts towards the Anonymity Set.

So just 'waiting' for time to pass until users decide to try our service doesen't make much sense and it can do more harm than good for our reputation because if the above example happened in real life and that person gets deanonymized, it could be perceived by the public as an issue with the way Whirlwind works rather than the obvious reason for why that happened, which is the Anonymity Set being too low and the overall volume being too low for that amount to be withdrawn immediately.

Again, our goal with this campaign is to grow the number of deposits, not necessarily the amount of BTC in the multi-sig since we will be able to add our own reserve as long as deposits happen.

For more peace of mind we could change the way the campaign works so instead of allocating a fixed amount to distribute to users every day, you receive a fixed amount at the moment of deposit and you are free to withdraw whenever afterwards keeping the reward. Maybe this is a better solution?

https://www.justice.gov/opa/press-release/file/1574581/download    -    Section E as an example

We are not lawyers but we don't think we are selling 'funded Collectibles'. In this case a no-kyc exchange is also a money laundering service? We'd prefer to stop talking about these matters as we don't have the expertise to do so, but from everything we've read we don't think that what we do can be considered illegal. Kucoin's hot wallet has a 4x worse AML score than our multi-sig

Of course not, the point was that if people entrusted their funds with that kind of people/companies with all possible red flags slapped on them, it shouldn't be too much to ask to take a small risk in order to help advance Bitcoin's privacy as a whole. And this risk basically means using the service, with or without this campaign users would still have to trust us if they want to use Whirlwind, same as with any centralized solution.

Agreed, but then the question remains. How to bootstrap this in a safer way than what we already proposed as simply waiting is not really a solution?

Edit because I missed a question:
CMIIW but as far as I know they didn't. We sign a LoG for every action you make on the website, including Pay to Note and every single withdraw so it's possible for every user to prove where their funds originated from and where they were spent. This was not possible in CM case

Thank you for the suggestion, we will give it a thought.

It would be nice to have the option to deposit less than 0.001 btc. For example, if I have 2 addresses that have 0.0005 btc each, it would be nice to have the option to combine these amounts without showing directly on the blockchain that they both belong to the same person. (Preferably, this option should allow one to send these two amounts of 0.0005 BTC to two different whirlwind's BTC addresses.)

So, the option to deposit less than 0.001 BTC in a single transaction would be useful even if withdrawals are only possible with fixed values, and the lowest of these values is 0.001 BTC. It becomes even more useful if "fast" withdrawals of non-fixed amounts are possible again, and yet more useful when exchange to monero is available. If such deposits are disabled now because the blockchain fees constitute too much percentage of the deposit amount, I don't see any problems with charging a corresponding fee to such mixes, even if you want to keep the mixes with a single top-up of >= 0.001 BTC fee-free.

No. I agree that you have a good reason, but that doesn't change the risk involved. I'm not saying you are, but if you'd be planning an exit scam, this would be a great way to increase the amount. That is what you risk getting associated with.

By that definition, selling a funded Collectible could be considered money laundering too.

Agreed.

Time?
Especially since it has been ~1 month only and you surely haven't explored all the possible channels to market Whirlwind. And as you pointed before, people don't understand correctly how Whirlwind can be superior compared to other services.

How many deposits will you  consider the Anonymity set good enough so it doesn't need an Anonymity mining campaign or doesn't need to continue it?

I would also say for an Anonymity mining campaign, the words to promote it have to be choosen wisely...
I prefer to see people know Whirlwind as a mixer, rather than people telling me "yeah, I know Whirlwind. You can invest BTC and make a few bucks for profits"

Our perspective is that we are not paying 'staking profits', we are paying users to grow the Anonymity Set and that doesen't necessarily imply storing your Bitcoin on Whirlwind for a long period of time. You could deposit, receive a day worth of rewards and then withdraw. That would still help us achieve our goal while minimizing your risk. You could also monitor the multi-sig balance and withdraw whenever you feel like the amount is too big.

In any case there is still risk involved and I want to emphasize that we are not downplaying it by any means, we are presenting the details of how everything will work and you are free to decide for yourself if it makes sense to use Whirlwind or not.

Open question: Let's assume we don't go ahead with the Anonymity mining campaign, what other alternative exists to grow the Anonymity set? We need to bootstrap this in one way or another until we get to a decent number, for example 10,000 deposits. After that point it won't be necessary to pay anyone anything since the service would already be secure enough, that is the whole point.

There are major differences between our service and CM and the way they are operated, for these reasons we don't believe we will suffer the same fate. Keep in mind that we are doing nothing illegal and privacy does not equal criminal activity.

1.Whirlwind is not a traditional 'mixer' by any means, it's way more than that. In fact we do not think that term is appropriate, a better description would be one of the following: Privacy Pool/Privacy Protocol/Privacy Tool/Permissioned Privacy Oriented Bitcoin Sidechain.
2.Their mixing method was to provide you with an address funded before your deposit, that could already be considered money laundering. We on the other hand don't use any shady mechanisms while achieving superior privacy.
3.They openly encouraged the use of their service for illegal purposes. We do not encourage this kind of behaviour and do not advertise in any places where this is the case.
4.We offer users all the tools that they need in order to stay compliant. You can prove the origin of funds if you ever need to and that responsibility lies solely with the user, not with us. If a service deems outputs from Whirlwind as risky they can ask for more info whenever a user deposits those outputs there, it's none of our business and it's the users choice if he wants to comply or not.
5.We didn't commit any crimes while creating/operating Whirlwind as opposed to CM's identity theft and other things
6.CM opsec was ridiculously bad on a personal level as well as regarding the service itself. If 2 servers paid with Paypal accounts that are linked together in multiple ways is all you need to find in order to take the service down then noone should be surprised when it happens. Whirlwind's infrastructure is way more complex than that and for this reason funds can't just dissapear out of the blue unless we exit-scam ourselves.

Our Anonymity mining campaign will run until we get to a certain number of total deposits and that will probably take 1-3 months. If CM implemented a similar thing only for their first 4 months of existence there would be no issue. They didn't need to do that because their system works in a fundamentally different way, we on the other hand need a strong Anonymity Set in order to provide real privacy, and the higher it is the better. While the current figure (291 total deposits) is more than enough for low amounts, we need it to be way higher in order to be able to process higher amounts in a timely manner with the same level of privacy.

It seems to me that LoyceV was not directly aiming at the mixer that pays out "staking" profit, but generally at the hold of Bitcoins with a third service. I am personally of the same opinion that it is a very risky move, especially when it comes to the mixing service.
Mixers play on a very tiny line, and once they cross it, the authorities react quickly and we all know what happens after that. When you add to that the ever-present risk (hack, theft, scam...) for all online money keepers, this idea does not look encouraging.

Chipmixer had a more than good reputation, they could implement this kind of idea safely. Imagine how it would all look today.