We are sorry for the inconveniences caused by this, but it's a complex issue to tackle if you do not use Cloudflare or other alternatives. We strongly believe that any downtime because of DDoS on the clearnet service is worth it in favor of introducing a MITM voluntarily. It doesen't make sense financially as for sure we are losing a lot of business because of it, but Cloudflare is really a no-go. It's unacceptable and outright dangerous to use it for a service of this type.
If you use any service through their clearnet domain that is protected by cloudflare, all your information including deposit address and destination addresses will be without a doubt stored in a cloudflare's database available for review at any future time. Even if the operators decide to use Cloudflare I think the risks should be clearly explained, I bet most clearnet users are not aware of what I said above, otherwise I guess they wouldn't use it. Even using mixing codes which means keeping logs is 'better' than using cloudflare since only the operator would have access to them, the bad things is that it happens for Tor users too so you can't avoid it.
See this thread for more info on why cloudflare is a very bad solution for privacy services: https://bitcointalksearch.org/topic/mixers-using-cloudflares-ssl-certificates-5247838
Interesting fact: More than 90% of deposits originated from Binance as of today not including other CEX, not that we have nearly enough data to draw conclusions but it's safe enough to say that the overwhelming majority of users of privacy services are acting in good faith and are not criminals by any means. *
To better understand Whirlwind's strength, how the multi-sig history will look like in the future once we see some more usage and why it's almost impossible to deanonymize transactions we could compare it to a wallet of a no kyc cex, for example this one: https://mempool.space/address/bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz -
Because of the sheer volume and total number of deposits paired with the fact that you can't know when or if a specific deposit was even withdrawn, you cannot link deposits to outputs. Even though you receive coins from a pool where your own coins were sent to, that does not mean anything if observers don't have outside information. But in that case it's not Whirlwind's fault. To be frank I wouldn't even call Whirlwind a mixer, a Privacy Pool is a better term. But for now until we become more established we will continue to use this term.
*if i'm not mistaken the address listed above is kucoin's wallet and it has a 3 or 4x worse AML score than Whirlwind's multisig.
Is it similar like chipmixer had with their service or you are using some additional mixing for higher fees?
Anyway, it was good decision to make, it should attract more users for sure.
PS
I think you should really add more information and links about your service on your bitcointalk profile, it looks more official that way.
Junior member rank also gives you the right to wear simple signature, so you can use it.
https://bitcointalksearch.org/user/whirlwindmoney-3537433
Will look into updating the profile too at some point, thanks for the suggestion.
We aim to release the Pay to Note feature as early as next week. Latest changelog update:
04.15.2023 02:00:00 AM UTC
-Added support for all types of Bitcoin addresses
-Input boxes cursor fixed
-Alert while backend is down for maintenance
-Minor UI fixes