Topic: [ANN] Whirlwind.money | ⚡No Fee⚡ | Ultimate Privacy | Anonymity Mining 12% APR🔥 - page 32. (Read 12718 times)

ANN design was updated, see first post in this thread. It now includes a step-by-step walkthrough showing all actions you can make on our our website.

The initial escrow deal was that we were supposed to receive the funds back when the review campaign ended a while ago. We did not request the funds back so they are still with minerjones. We'd be happy to adhere to the 7 day delay rule you proposed, and I will ask minerjones if it's possible for him to confirm here that this rule will be enforced and the amount held by him at the moment.

Daily payments will be made to all funded Notes (balance >0) automatically. They will be sent through the "Pay to Note' feature from a Note we funded ourselves, so all payments are anonymous. You do not have to send us any info or interact with us in any way. As long as you made a deposit you will receive your share every day. The multi-sig balance is public so you can calculate exactly how much you are supposed to receive at all times. Everything will be explained in detail before launching the campaign.

We will create some graphics/videos explaining Whirlwind in a much easier to understand manner. Until now the only focus was improving the product and discussing the technical reasons behind our infrastructure/architecture choices. For the record we intentionally left an easy to follow trail through our posts on this forum that allows anyone now or in the future to do his own research and evaluate our competence and truthfulness. Actions speak louder than words

No update to the backend or signers gets to production before being thoroughly tested, we have no reasons to be concerned in that regard. Security comes first in everything we do. Without an attacker gaining access to our entire infrastructure including the physical server it's impossible to exploit Whirlwind.

Our word is our bond and to prove this point again we will remind you of the challenge we launched when we first started the service. If anyone is able to find the IP of any of our signers we will offer a 1BTC bounty and it would have to be publicly disclosed.

Thank you for the suggestion, it will be added.

Currently there is ~250k in the multi-sig, we could send another 200k to minerjones for escrow to cover that but how should we act when the balance will continuously grow? Add more every day? If users don't trust that they'll get their funds back they shouldn't use the service in the first place regardless of the escrow. Not trying to downplay this risk by any means, but it's the same with any other centralized solution.

Do you have any example of a service that had an actual reason for offering a reward on Bitcoin deposits?

The goal of this campaign is to grow the Anonymity Set, not to attract users with some 'sustainable interest' on their Bitcoin deposits. We are also not the first ones to do something like this, I linked an example in the previous post. We are transparent about the fact that rewards are coming from us, it's basically an operational expense until we have a strong enough Anonymity Set where it doesen't make sense to use another alternative.

As said in the previous message we are aware this campaign may raise red flags for some but we couldn't find any other reasonable alternative to grow the Anonymity Set without doing this. If anyone has a better idea we would be more than happy to go down that route, but keep in mind that after a certain point users would have to trust us regardless. People are investing millions in different projects/ICOs before ever seeing proof that anything even exists, so considering what we've shown until now it should be quite clear that we're not here to mess around for a few Bitcoins.

We are not trying to force anyone to deposit by any means, if you don't trust us that's fine and there is nothing we can do to address that other than running the service professionally or decentralizing it.

On second thought: this sounds a lot like the many "services" in the past that paid interest on Bitcoin deposits. Usually, that didn't end well.
Are you sure you want to be associated with those?

If you have the capital to put more than the expected amount that will be "staked" into an escrow, I would suggest doing so.
I believe that there will be far greater participation if there is no doubt that participants will receive their coins back one way or another.
As @LoyceV stated, the escrow deal should be made public/transparent and tied to no real complaints being made by participants.

Just curious, are you planning to launch a targeted signature campaign for that purpose to gain visibility for the campaign?

A suggestion, I think you should also explain or list why'd you use Cloudflare and how you overcome its problem on the FAQ page.

Will this list be available to everyone? Or is it private because many are trying to stay away from mixing services due to the lack of clarity in government decisions regarding them, and the issue of Mining campaign may mean linking any user directly to your business, so the legal risks are greater.

In general, I hope that you will strive to empirically explain your ideas, because they seem complicated at the moment.
and then a beta version is released before activated any update on the site. The continuous update of the service may leave backdoors that can be exploited in the future then completely destroy the project, especially since any problems related to privacy now will cause others to lose confidence in you.

Is this confirmed by minerjones somewhere? I only found this post, but there are no details.

Also (I remember this case): what are the details of the escrow deal? Considering the purpose, it would be good if the deal includes a 7 day delay once you request to pay it back, including the escrow publicly announcing the change 7 days ahead.

All remaining tasks on the backlog were completed. Starting today there won't be any more stability issues and we expect perfect uptime besides occasional very short periods of maintenance which will be announced in advance here on the forum and through a maintenance page shown on both Clearnet and Tor. We made some great progress during these past few weeks and we appreciate all the feedback that we received, it's been very useful.

Now that the updates are finished at least for at least the next weeks and the service is completely free to use we will switch our focus to solving the only remaining 'issue', which is the Anonymity Set being quite low because we only just started.

IMO there are multiple reasons why our service doesen't see that much usage yet and I'll list them below and afterwards reveal our plans to deal with each one of them:
-It's a fact that Whirlwind is a real innovation in the Bitcoin space and it may seem harder to use at first because users are simply not familiarized with our mechanism. This makes it harder to get them to try our service, but there's no doubt in our mind that once they do they won't go back to using something else since there is simply no reason to do that. Obviously this is a biased opinion since it's coming from ourselves, but the numbers and facts are on our side so you don't need to trust us, do your own research and most likely you will come to the same conclusion

-We are a new service so users don't trust us that much for now

-Anonymity set is currently too low

We are planning to solve these issues in the following ways:
1. Create a detailed comparison between Whirlwind and most relevant privacy solutions that currently exist/ existed before and explain mathematically why our implementation is superior in every aspect compared to any of them. Again only verifiable facts

2. Create a twitter account and start discussions about all aspects of our service

3. Start an Anonymity Mining campaign with the goal of growing the Anonymity Set

The details will be finalized in the following hours/days but it will work in a similar fashion to this: https://docs.tornadoeth.cash/docs/anonymity-mining

Since we do not have a Whirlwind token to use for this we will reward users with Bitcoin in the following way (ignore numbers, it's just an example):

Our goal is to grow the Anonymity Set to 10,000 deposits so until that is reached we will offer a reward to everyone using the service. Each month we will allocate 1BTC to distribute between all funded Notes proportionally to their balance. Payments will be made every day and you are free to withdraw your deposit anytime. If the amount allocated for rewards is 1BTC a month that means 1/30 = 0.0333BTC will be distributed every day.

If the multi-sig balance is 10BTC and you have a Note with a 1BTC balance you will automatically receive 10% of 0.0333BTC every day you keep your Note funded, which is 0.0033BTC a day.

Most importantly this campaign should help us achieve a strong Anonymity Set, which as discussed before is the only weak link remaining to be dealt with. At the same time the growing multi-sig balance will also give us a great chance to prove that we're not here to steal anyone's funds so after some time most concerns in this regard should be eliminated. We understand some may still have doubts and if there are any specific questions you want answered do not hesitate to ask.

The 40,000 DAI are still in escrow with minerjones and we are able to send much more than that if the risk of us stealing the funds proves to be the problem, but at a certain point our users would have to trust us regardless until we completely decentralize the service so we are not sure it makes much sense to do that.

Ready to answer any questions or concerns!

---

Below is the changelog with the latest updates, our ANN thread design and signature will be updated sometimes in the next 48 hours.

---

We are concerned that if we offer this option most people would use it and it'd be way better for everyone if they don't. We just added some more output size options so it's a bit more convenient, but for a privacy service we believe that security should come first. Besides this you don't need to withdraw the entire Note balance at one time and as said in a previous message you can still withdraw a custom amount, the process is just a bit more complicated. We will wait for more feedback on this and make changes only if they are necessarily needed.

I think almost everyone would want the option to choose their withdrawal amount. A simple text-notice that privacy is enhanced when the withdrawal amount is not customized is probably sufficient. I don't think there's any need to overthink it by making it something that you have to click on a check-box or in an alert box or anything. There are some great web design tricks to convey something important like this without requiring the user to take excessive, extra steps like clicking a checkbox.  And it's counterintuitive, but sometimes we actually gloss over the text associated with a checkbox (think how reflexively we click "I agree to the Terms and Service," probably often without even reading that line). If the checkbox is in the way of a user completing a form, they quite occasionally just click the box without reading it.

Below you can find the changelog with the latest updates -

Fees were eliminated altogether, unless you choose to donate voluntarily if you send 0.01 BTC to Whirlwind you can withdraw the full 0.01 BTC without even paying the transaction fees.

Clearnet should work flawlessly from now on, keep in mind that Tor is still the recommended way to access our service and if Clearnet is ever down again you can use the Tor version without any issues.

Open question/s: Would you find it useful if we made it possible to withdraw custom amounts like before? We could implement a checkbox that you'd have to click acknowledging that in certain cases you may not benefit from the same level of anonymity if you withdraw a custom amount.

You can still withdraw a custom amount in 1 transaction, we just made it harder since we want to discourage users from doing it. For example if you deposit 0.007BTC you'd need to make at least 3 separate withdrawals, 0.005/0.001/0.001. If you want to have them all sent in a single transaction you could first withdraw 0.005 to address A with a 1 hour delay, then refresh the page, input your Note private key and make another 0.001 withdrawal to the same address A with the same 1 hour delay and repeat the process again for the last 0.001. Doing this will result in receiving 0.007BTC to address A after 1 hour.

Do you feel like 'Fast' mode was useful and not having it is a problem? Should we make it available again?

We made the choices to switch to fungible outputs and deprecate the Fast mode for better overall Anonymity, but we are aware that this may lead to Whirlwind being slightly harder/more inconvenient to use in certain cases.

---

Thank you for the suggestion, we still have some work to do in regards to alerts and overall UX. We just completed pretty much every task we had on the backlog so now we will focus more on the remaining 'cosmetic' issues and explaining the service better by creating video tutorials and comparisons with other alternatives.

May be a good idea to have some kind of maintenance page?

Something like "the clearnet page is in maintenance, please use the Tor version if you're in a hurry"...

While the bolded part is completely accurate, we don't think that specific comparison makes sense in this case because with our approach we are solving some fundamental issues that our competitor's systems suffer from instead of only having a few small differences so it's more like Blockbuster vs Netflix.

We could choose the easy way and use an existing popular model and only marginally improve whatever we could, but starting from a system that again, is fundamentally flawed, we could have never been satisfied with what we were offering and it would feel like we are stabbing our users in the back since we knew we could do way better.

We took the risk and implemented what we believe is the best privacy service currently available and later today we will also completely eliminate the withdraw fee making the service completely free for those that don't donate voluntarily. So if even in these conditions we won't become the most popular solution after a few months at most it certainly means that there is no true demand for real Bitcoin privacy and in that case with regret we will shut the service down, but it'd really be a shame if that happens.

By taking this route we basically made a bet that users will understand the unique features and advantages that we offer and we hope that it will pay off in the end. If not then we only lost the funds that we spent on marketing and that's not a big hit for us by any means, we'd just be incredibly frustrated knowing that all this work was for nothing.

Thank you for telling us, but we are making some changes as we speak and it will be online again after we are done. Tor is online as usual

Yeah the TOR link is working just fine right now. I can access it.

Since @whirlwindmoney stated that the clearnet problems should be resolved with the next patch/update which they went live with today I just figured I'd let them know that they are still under heavy fire.

I think they mentioned using TOR would be the best way to browse their website because there is an ongoing issue with the clearnet which really has no resolution in sight because those that are perpetrating the DDoS are determined.

@whirlwindmoney excuse me if you don't want me telling you this again (I can delete this post if you want) but for me, the clearnet site is down again.
Here's a screenshot of the error message I get:



I figured since you just went live with the new update and the site was supposed to stay online, I'd let you know :/

After reading this, Betamax vs VHS came to mind. "Being the best" doesn't guarantee winning the market.

I personally wouldn't say that I don't know how to operate it but I am just lacking experience and somehow feel more comfortable browsing clearnet websites when handling money/bitcoin.
I do use Brave Browser aswell but don't seem to be able to load up the onion link there for whatever reason.

I can confirm that it is accessible for me again, thanks for the update!

Clearnet is back online and accessible at whirlwind.money.

You may be surprised that we are using Cloudflare after all the discussions we had in regards to MITM, but continue reading until the end and you'll find out why in our case it's safe and what's the difference between Whirlwind and any other competitor when it comes to this.

Before starting the explanation there are a few important things worth mentioning:
-Cloudflare can still see your IP
-If you use Clearnet and close the window and clear your local storage you won't be able to access the deposit page anymore, so make sure you save your Letter of Guarantee before broadcasting the transaction. Everything will be processed without any issues even if you close the window, the only problem is that you wouldn't be able to save the Letter of Guarantee anymore if you didn't do it before.
-Even with all the security precautions we took we still highly recommend using the Tor version
-We will tweak Cloudflare parameters during the next hours so it's not as annoying when you first enter the website

Now for the interesting part:
If we just used Cloudflare without our custom encryption scheme, Cloudflare would have been able to de-anonymize users accessing the clearnet website. This is because, when using Cloudflare, even if data is encrypted, it's not end-to-end encrypted with our backend server. The client sends an encrypted (TLS) request to Cloudflare, which decrypts it, and this is where they could, and almost certainly are storing logs of the De-Anonymyzing Data (D.A.D). This is any data that could comrpomise the anonymity of a user: deposit address, withdraw address, pay-to-note data, etc. Cloudflare then encrypts the data again, and sends it over to the backend server. With the .onion link, this is not a problem, since data doesn't travel through a third-party and always remains encrypted, but if we want to use Cloudflare DDoS protection on the clearnet website, this is unacceptable.

Any privacy service that implements Cloudflare or any other DDoS protection 'out of the box' (which basically all our competitors do) is careless at best, or they simply do not have the technical knowledge necessary to realise how huge of a problem this is and that they are willingly putting their customers at risk by doing so.

This is why we implemented our custom encryption scheme, which creates an encrypted tunnel between the client (frontend) and the backend server. So even if Cloudflare slashes the first layer of encryption (their layer a.k.a the TLS layer), the D.A.D would still be encrypted with our layer, which they cannot decrypt, so data inspection is not possible.

We decided to use an Asymmetric encryption scheme based on Elliptic Curves, more specifically the Elliptic Curve Augmented Encryption Scheme or Elliptic Curve Integrated Encryption Scheme (ECIES). Please note, this is not a signature algorithm just to prove the D.A.D is untampered with, but an encryption algorithm, which makes the data unreadable. This is how the system works:
If you are using TOR, this extra layer of encryption will not be used since it's redundant. TOR encryption is already extremly powerful, and the D.A.D will never get anywhere in plaintext form, except our backend server where it's processed.

If you are accessing the website from the clearnet link, the frontend will generate an Elliptic Curve Cryptography (ECC) key pair, and will never send the private key anywhere. The backend server already has a permanent ECC key pair generated, and its public key is stored in the frontend. With the ECIES scheme, you can encrypt data using the public key and you can only decrypt it using the private key. When the client needs to send any kind of D.A.D to the backend, it appends the frontend generated public key to the said D.A.D, and then encrypts it using the backend's public key. Now, Cloudflare can read the ECC encrypted data, but they cannot read the plaintext data. When the encrypted D.A.D reaches the backend, it will be decrypted using the permanent private key. The backend then processes the request, and the response must also be encrypted since it contains potential D.A.D, so it encrypts the response using the client's public key that it received within the request. When the response gets to the client (frontend), it is decrypted using the private key generated locally. This is how full end-to-end encryption and privacy between the user and the backend server was achieved, even with Cloudflare decrypting TLS data.

You can check all of this happens simply by looking at any outgoing/incoming data from the API while on the clearnet version. Just right-click the web page, go into Inpsect Element or just Inspect and click on the Network tab. Then, watch any request that may contain D.A.D. You will notice that on the TOR onion link you will be able to read that data (on the Request/Response tab), meanwhile on the clearnet version, it's just a long encrypted hex string.

---

DDoS is not a problem since even if Clearnet is down, Tor will always be online so it's not a concern. Finding the real location would mean we failed spectacularly, but even if that somehow happens we don't really have reasons to be concerned since we are not doing anything illegal and never did. We didn't commit any crimes such as identity theft, we are not advertising in any places that could be considered shady by any means even though that would certainly bring in easy profits. In fact the bitcointalk signature campaign is the only 'marketing' we have. This is a business like any other and our goal is to make money, but we are not making any compromises or taking any risks that could give anyone reasons to target us.

Thank you for your input, we will still wait for more opinions on this but we are on the same page, we don't think this feature is needed as it doesen't necessarily strenghten the privacy that Whirlwind offers. Besides this it could also introduce other risks and more responsability on our side.

It's enough that ''someone'' continue DDOS attacking your website and take them down or find your real location.

I prefer using onion version myself, and we previously saw scammers hijacking clearnet websites and/or replacing addresses for other mixers.

That would be nice, but making this open source can be a double edge sword sometimes.
I am not criticizing this idea at all, just stating my opinion and potential dangers of moving in that direction.

That means you and receiver would both have private keys for those addresses?
If that is the case, than my answer is No.

It's the almost same thing like Firefox browser, but you can also browse onion links with Brave browser (not recommended to be used as replacement for Tor browser).

To be honest, I am just not too familiar with Tor.
I Have it installed on one of my machines but not on the computer I am mostly working with.
The times I felt like checking the site, I was working with the computer that does not have Tor installed and that I don't want to mess around with Tor on it.
Now that we have talked about it, I will probably check out the updated website on Tor this evening but I'd usually rather use the clearnet

Why not just use Tor? It is very easy to download and install (https://www.torproject.org/download/), is ready to use with zero additional set up, avoids all the problems with clearnet, and most importantly provides you with better privacy.