Topic: Bitcoin Privacy & Address reuse (Read 553 times)

Maybe. Maybe not. We'll never know. Just pointing out that unusual uses cases like this do provide something for analysis companies to latch on to.

As I said above I've never used Jam, but I've been using JoinMarket via its own GUI for years and don't have any real complaints.

I totally understand, but I really assume that they wouldn't bother. The only reason why I did it was because I wanted to experiment with those conjoin apps. I won't repeat it though.

I will keep using Jam however. It seems too easy to me.

By examining the publicly viewable blockchain data. As I said above, coinjoin transactions are easy to identify.

For example, here is a recent JoinMarket coinjoin I just pulled from the blockchain: https://mempool.space/tx/98423f23138446f079442bda7856b87cba075d15142ae756e06dcbdc0eb6b61c
It has all the characteristics of being a JoinMarket coinjoin which makes it easily identifiable - large number of inputs and outputs, similar number of inputs and outputs, all inputs are from segwit addresses, multiple outputs of identical values (0.04416277 BTC in this case) in order to obfuscate which is which, and if you look back in time the majority of the inputs have come from similar JoinMarket coinjoins.

Similarly, here is a recent Whirlpool coinjoin I just pulled: https://mempool.space/tx/5a734035c9745820dc98ab79209a1e44d4fbd2b7a0ed1dd417131be31a7ad763
These are even easier to identify, since Whirlpool uses fixed pool values of 0.001 BTC, 0.01 BTC, 0.05 BTC, or 0.5 BTC, they always have the same number of inputs and outputs, and two inputs will always be slightly more than the pool size in order to pay the transaction fee.

As I said, the privacy gain from coinjoin transactions comes from it being impossible to link the inputs to the outputs, not from the coinjoin transaction itself being hidden or secret. A blockchain analysis company can easily watch where all the outputs of every coinjoin transaction go, but if they don't know who owns those outputs, which other outputs that person controls, or who owns the addresses they are being sent to, then they can't do anything with information. But if a very small number of outputs all go the same unusual and identifiable place, which I imagine would the case when taking outputs from one coinjoin implementation and sending them to a second coinjoin implementation, then they can infer common ownership. (I have no data on this, I am just postulating that moving coins from one coinjoin implementation directly to a different coinjoin implementation is not a very common thing to do.)

But how can they know that? Considering that I run Jam on my node. I haven't seen the code but is JoinMarket connected to some central servers? If not, how can they know?

It is easy to identify coinjoin transactions when examining blockchain data. Coinjoin isn't useful because the transactions are secret - they aren't - but because it is difficult or impossible to know which inputs are linked to which outputs.

However, you need to be aware of how you spend those outputs. If you send outputs from a coinjoin to Binance, for example, then there are probably lots of other people who are also sending their outputs to Binance, so yours will blend in with the crowd. However, I imagine it's fairly unusual to send coinjoin outputs to a different coinjoin implementation. If you are the only user spending your outputs in this way, then a blockchain analysis company might make that connection. If there are 10,000 Whirlpool outputs spent today, and only 5 of them go directly to JoinMarket, then those outputs are potentially linked.

You 're right. Unfortunately I couldn't leave my computer (Sparrow) turned-on since I 'll not be home for a week. I 've lost a total 2.3% of my original satoshi.


I don't understand this. Could you elaborate please?

Yes, that's more than enough, although I shudder a little at the thought of how much you have paid in fees to do all that.

If it was me, I would probably have just left my coins in Sparrow for more free remixes. I imagine it is fairly unusual to take outputs from Whirlpool and immediately feed them in to JoinMarket, so that potentially gives blockchain analysis companies something to latch on to.

Hey. So I have been experimenting with 2 mixers in the past 3-4 days.

I have created a BIP39 wallet in Sparrow where I have sent my UTXOs from my multisig vault. There, I have done 2 mixes and I have generated some new UTXOs. (I also have some coins in badbank which is the amount of coins that wasn't mixed - which I don't touch for the time being).

Then, I sent my freshly mixed UTXOs to Jam (which is a nice GUI for JoinMarket). I have done 5 mixes with 9 collaborators each.

Finally I have created a new vault and I plan to send my UTXOs there. I will use the auto-sweep feature which allows me to "Execute multiple transactions using random amounts and time intervals to increase the privacy of yourself and others. Every scheduled transaction is a collaborative transaction.". This will mix my coins even more.

As a sidenote, I run my own electrum server and Sparrow is connected to it over TOR. At the same time, I also run my own instance of Jam.

I assume this is more than enough, to secure my coins privacy-wise, isn't it?

Sure, but KYCed bitcoin and tainted bitcoin are two entirely separate things.

Not sure how you reached that number. Given maker fees of 0.075%, then I can set my own spreads and pay combined transaction and network fees of <0.5% all in, provided I am not in a rush.

Swapping for any other coin which is completely traceable is completely pointless.

So? So blockchain analysis knows I sold my KYCed bitcoin for monero. Then what? They can't trace that monero, so they can't pinpoint when I trade it back in bitcoin.

But you don't want to hide the fact you're buying XMR (even though I don't see how it's easy to figure out that part unless the seller is a surveilling entity). Just as with bitcoin mixing, you pretty much want from the rest to know you're mixing. You just don't want them to know which are the coins you're receiving from the other end. When coinjoining, you want to give a sign that the rest of the coins aren't in your possession, but you're part of a coinjoin; what you don't want them know is which are the new coins you own. 

But when buying XMR, you enter a very high volume market; Monero's. Sure, Bisq isn't a large one, but any XMR user could have chosen to sell their XMR, I don't see why it has to be one who's traded in Bisq before. Ultimately, you can sell XMR for BTC outside Bisq.

 The whole premise of the thread is tainted bitcoin... OP believes, correctly, that through use of a CEX he has lost his anonymity.

 Your own example here seems to cost about 3% at least for the round trip and only a handful of transactions in the last week.

 Indeed Monero's privacy features play no part in anonymizing theoretical bitcoin here, you'd have been better trading for any other pair with higher volumes. Just because you are swapping for magic beans it doesn't mean the exchange transactions are private you know. Merely the action of sending btc to a known bisq vendor with no resultant transaction in return flags an XMR buy up, I'd warrant.

 Low volume exchanges with few transactions and high costs are not a good solution here.
 

I'm using that instead, although with not big amounts as it's beta software. It supports almost every feature JoinMarket does, even though I have noticed a bug or two. Specifically, in Fee Limits, Jam is reading from the JM's configuration file, but when you attempt to set a base fee and restart both JoinMarket and Jam, it defaults base fee to some value as if it wasn't changed. You should better change that value from the configuration file directly.

I think that unless suggested by AdamISZ, kristapsk, undeath or some other top contributor from JoinMarket, we shouldn't be using Jam confidently. (though some of those do have contributed to Jam)

On Bisq right now the spread between buy and sell orders for the BTC/XMR pair is 163 sats, which is less than 0.03%. The trading fee for a taker is 0.575%, and the trading fee for a maker only 0.075%.

Within a 1% price spread on Bisq, there is approximately 0.6 BTC of volume for selling XMR, but about 14 BTC of volume for buying XMR. This is only one platform, however, and there are plenty of others you can choose from. https://kycnot.me/

This is just as much a risk with the methods we are discussing here. The correct approach to this issue is to never use any centralized exchange or service which attacks the fungibility of bitcoin by buying in to the provable nonsense of "tainted" coins.

 Are the volumes at least reasonable?

 I can more than understand most bitcoin mixers seeing protocols which provide similar services on other chains as competitors.

 On chain privacy however is not a zero sum game where one solution wins at the expense of others, all methods have some merit and utility.

 Indeed one of the concerns about bitcoin mixers is that a user might get rid of their ( for whatever reason) tainted bitcoin, merely to receive some proportion of someone else's possibly more tainted back. I'm not sure whether this is a valid concern as I haven't looked into the mechanics behind these mixers too much.

 Curiously the method I've outlined above should, on the face of it, be of most interest to bitcoin mixers themselves who are seeking to provide the best service possible for their customers. Deposit on one bridge and withdraw completely different coins on another. Other ways may be possible.

There is, but the rates are terrible.

There are some services which aim to either enhance decentralization or utilize peer to peer functionality. Agoradesk, trocador, hodlhodl, are some peer to peer or reduced centralization services. Bisq is decentralized. In terms of fees, around 1.5-3% after network fees after all is done. So in terms.of cost efficiency, the railgun method is a little.more cost efficient or on par in comparison' and probably with increased decentralization.

Hmmm... Is there a bridge between Monero and bitcoin? If so that what is the volume, average transaction size etc? If not are you talking about going via a dodgy CEX? Can't say I know as I've never used that method, though true knowledge of privacy sets and timings isn't limited to the coin or token in question, as much or more information can be gleaned from the bridge or exchange.

 So if you want maximal privacy then you can chain the railgun deployments. Bridge to Ethereum, deposit and use the largest privacy sets there, then take those tokens and bridge them to polygon taking advantage of what is effectively compound interest of diminishing returns, privacy sets squared. When you then bridge back it's guaranteed that there is no heuristically feasible way to track and no connection between the original coins locked on the bridge and those returned.

 This might sound expensive... Though frankly would still be cheaper ( 1-2% in fees plus gas) for the vast majority of token amounts than any other method.

I'm definitely not refuting what you are saying - though to play devils advocate, I'll say that things that are unbreakable are, until they aren't. Some people have their doubts and try other solutions, that is normal and fine. (again, not refuting that monero is truly private or that analysis firms can't break it).

Achieving privacy is also somewhat static. You either achieve it, or you don't. You don't "get some" or a degree of privacy. If it's not an adequate measure, ultimately it's not private. Monero is not the singular key to privacy. There are definitely other, unique ways in which you can achieve privacy. I believe that Spinflight's solution is possibly one of them, I can't say for sure as I haven't given it a try though in theory I do see Spinflight's logic/rationale behind the theory.

Monero is the only coin which is truly private and which blockchain analysis firms have been entirely unable to break. If you have doubts about the privacy provided from monero, then it would be absolutely insane to think you would somehow get better privacy from wBTC or similar.

This is correct. However, Spinflight's solution is still a good one if one has doubts in Monero for whatever reason. The fee would be roughly the same, depending on the exchange method that you are using. Both solutions are valid ones though.

In terms of wBTC not being private - that's right, however the solution provided by Spinflight allows you to mask origins by burning/minting different amounts at different times and points, thus making it extremely difficult to track it down. As effective as monero? I couldn't say for sure, though both methods seem to be effective for privacy in their own ways. If someone is determined, using both methods might be a way to increase effectiveness as well.

If you substitute Binance for peer to peer trading via somewhere like Bisq or Agoradesk, then yes, you can apply this method.

There is exactly zero point in trying to obtain any shred of privacy while using Binance. Even if you don't complete KYC, they are tracking everything from your IP address to your browser fingerprint and paying multiple blockchain analysis firms to trace your deposits and withdrawals.