Topic: blindmixer.com - CLOSED - page 3. (Read 1185 times)

I use Chipmixer when I need to mix my coins.
From my Electrum (tor enabled) I send the coins to Chipmixer, Chipmixer to another address which I consider very private to me. In the whole process, I only pay network fees, from my public wallet to Chipmixer and Chipmixer to private wallet. If I feel good, then I may send tips to Chipmixer.

I see you are a wallet and a mixer. Let's dive into the wallet part later. Give me reasons why would I use your mixer when I already have a proven and reputed service in my reach. It's a question from a customer's point of view. I am sure who use mixers they already are with some services, what is your key offering for the users to move to you?

By the way, a lot of information on the main thread. I think you really need a good design to serve visually, it's easier for the visitors to give a quick scan before they look for details. If you need help in it along with bitcointalk marketing (for example signature campaign), then feel free to reach out to me.

Is there any other mixer offering what we are offering? I'd say we are pretty new both in terms of the actual age of our product (not sure why that would matter anyway) and technical advances.

I'm not so sure what you want me to answer; moneypot was barely live (< 3 weeks) and we barely launched yesterday. It seems obvious that it will indeed take some time for people to actually use us (if indeed they will use us at all) and understand what we're about.

And yes, I'd say that you're mostly wrong. For simply mixing your funds:  You can deposit funds on-chain and withdraw them off-chain, or do a combination of both (use reverse submarine swaps**) which works as follows: you use our lightning capabilities to pay an invoice with any reverse swap provider to get your on-chain funds back.
If there is an actual interest in this we can open additional channels to facilitate these swaps.

Anyway, voila your coins should be mixed.

** see sites such as boltz.exchange

You can check how much our lightning capabilities are before depositing, so you can roughly estimate how much you can mix in a single session. Now of course we need to loop those funds back in sooner or later to get our outbound liquidity back. A smart observer might take notice of that though I presume that observing that relationship is a very hard problem given that this is actually unlinked + we can vary amounts + we can vary timing (and you can vary swap providers + the aforementioned)

For even less dependence on our outbound liquidity you can also swap in with provider A (so you generate a lightning invoice with us, pass it to provider A and pay him on-chain), then reverse swap out using provider B. (or A). That wouldn't require us to have any liquidity at all. Now if you're the only user doing this it might at some point become apparent, but given that there's at least one other user also doing this you should be fine.

Now you'll probably say that you don't need us to do this, which is true. you can also just pay an invoice at reverse swap provider B using swap provider A, assuming that they won't communicate with each other about your swaps. That assumption is probably fine if you're not under too much scrutiny.

Or you know, open a channel yourself, loop the initial balance out, and use that to swap.

I get your reasoning, though personally I don't think it is at all fair to 1-1 compare us to other mixers given that we offer (or so we think) a radically new and different product. We are not just distinguishable by some formula "the amount of time not exit scammed * mixed * spent on the community" (=reputation) (like any other centralized mixer) else we obviously wouldn't have launched this service. There wouldn't be much way for us to compete.

I said or at least very obviously meant (given the context of the sentence) that I think in general (and with blindmixer) it's good to be fearful of the intentions of new services so not so sure why you're trying to zing me over an argument I never made.


You're right, though I think we can partly attribute it to people thinking of us being a "wallet" wallet, which is not really the case. Poor marketing from our side but it should become extremely clear that we're not at all a wallet in the traditional sense of the word, and more of an intermediary. say like a giftcard (provider). Those expire.. well sometimes at least  

Also it would become very attractive for us to exit-scam as it is just a given that there's funds that will be left by some % of users. Perhaps if we offer the community a share in this it might become more acceptable? (the rollover profits that is)

It's also great to have these kind of cut-off points so that when a breach happens, there's not years worth of deposits lost, but instead it is contained for some period. As once we're breached, an attacker could sign for any voucher, basically invalidating all outstanding ones.

I think this is exactly what we are, plus additional features. You have the client component which is the wallet (which can be loaded into Electron (works on most OS!), or any browser with storage capabilities), and then you have the custodian, aka "server".

Note that the wallet is completely open-source, you can build it yourself if you'd like. Not sure if the build is deterministic though.

I see that the scheme described by theymos also has a pretty decent flaw: repudiation. there's no way to check if the server is acting honestly, as that requires additional signatures to everything (and or some tricks to deriving the signing address), which is exactly what we did.

For example in his basic implementation the server can spend party C's unblinded vouchers as soon as it becomes aware of it and it can never be cryptographically proven by party C that they didn't initiate the transfer.

I think it's very hard to simplify it further without diminishing UX and security. It's impossible to do this without Javascript/some storage capacity, so really, how could we make it more accessible and more "traditional-mixer"-yy? I get it, most people want just a landing page without JS that's accessible through the tor browser, but this is just not possible / secure.

---

This would be the bare minimum scheme:
I. say we do the above (noJS, noIDB) and you deposit. the deposit address is already generated server-side without some form of acknowledgement (so you lose honest communications, at least in blindmixer's implementation), as asking for an ack needs some random key E that you'll need to generate, and a signature you need to store (in case the custodian refuses to credit you).
**

II. Now you have a claim to some C bitcoin in certs that is unbounded so it does not require any sort of key E, so the custodian can steal your certs the moment he becomes aware of them , by simply saying "Oh, someone else already claimed these".

III. How would you claim this? You still need to engage in a signing session for some of the servers public keys BS[10$, 25$, 50$]. that requires some nonce and some operations using that nonce. (that's just the unavoidable nature of the scheme) So should we in this case just display the nonces so you can copy them in a third-party tool to compute the challenge, copy that back to receive your blinded vouchers, which you can then copy and unblind using the same third-party tool to finally claim your funds?

It's not user-friendly at all, especially if you're not that technical.

But hey, what if instead of this third party tool, you use our "tool" which we call a "wallet"?

---

Above is explained a bit uglier than I would've liked, TLDR: Not sure how to simplify our implementation further.



I really want to simplify using us as much as possible. I'll look into if it's possible to load parts of the wallet's DB in memory so it can be used with the tor browser, though it's probably a lot of effort (not worth it really).

I don't think many people will want to use a wallet that takes all their money every few months! Even though you announce it up front, this will likely end in terrible disappointment for some of your customers.

The fact that your wallet/mixer doesn't work in Tor browser isn't encouraging. There's much more to browser identification than just a new IP address, and Tor browser is much easier than booting up a different VPN.

From your fees section:

It looks vaguely familiar, did this overview come from Moneypot? What does "eco" and "free" mean here?
You're comparing your fees to "Any Wallet", but use ridiculously high fees to compare with. My wallet doesn't have a receive fee, and my last send fee was 111 sat. No decent wallet charges 49368 sat for a transaction.

---

---

I was hoping for an easy implementation of "theymos' Blinded Bearer Certificates".

I was not trying to prove anything, just posted information that you purchased domain recently, and I would hardly call your service new, when it's totally cloned word to word from old dead moneypot wallet website.
For any mixer to be functional it needs to have good liquidity and I am sure your blindmixer (including ex moneypot) never had any liquidity, but you are free to prove me wrong.
I could be only one using the wallet and since there is nobody else sending coins, I would always receive my coins back, in case custodian decides to scam me, than I end up with nothing.

Maybe, but I would argue that risk is much higher using your website that is still in beta, than some proven mixers that exist for years.

Fearful of what? Surely not about some dead blind project...
I didn't know what better term to use for custodians than gambling gangster, and that is nothing personal against your service, and I didn't know how better to describe when someone can break the deal whenever he wants.

It's not the primary goal of blindmixer, but it's an additional benefit: Of course, the main reason to use blindmixer is to mix your coins.
No one is arguing against this. I stated this risk in the OP multiple times.

I don't see any centralized exchanges offering provable- privacy/nologs on your in- and outputs? We're not at all comparable, not in the slightest? Sorry if this is your main takeaway from this thread i'm honestly confused if it's us who worded it poorly or if you just do not at all understand the purpose of this service.


Again, this is not the main focus of blindmixer. Of course there are other more secure lightning wallets out there. that's not at all the point. Should I rephrase it to read less enthusiastically and more like a footnote? It's just an addition that's easy for people to use who aren't too familiar with lightning. Ideal for beginners who would like to enjoy privacy without too much hassle. I myself thought it seemed pretty neat for a mixer to have that property?

The custodian can also run off with your funds at any point, indeed, as any other centralized mixer can. I think we are making this very clear in the OP, no?

Though this is worded a bit poorly because indeed, you need to trust us blindly as a collective to not run off with your funds, but you can also prove that we are acting dishonestly in most if not all cases. For example say we sneakily changed the wipedate: if you go to your config (https://mixer.blindmixer.com) you will see both a hashed version of your config + signature + original acknowledged wipedate that is signed using the public key mentioned in the OP (after the #)
I don't think you quite understand what we are offering and that the implications of that (real privacy) are exactly what can result in such a scenario. Precisely because we do not know which coins belong to you is the reason you can get them back.

I think you also fundamentally misunderstand what it means to "mix" your coins, or at least our definitions must differ significantly.

Really what (we think) it means to "mix" your coins (on-chain) is to create an uncertainty for any third party (or us) to conclusively say which inputs/outputs belong to you. This is partly explained in our FAQ:


Now we don't control this: How long until and what amounts you withdraw is entirely up to you, and largely with that your privacy.

^^An easier example is if we were to take 100 different inputs of amounts varying 0.01 - 1 btc of which some number belong to you, pile them all up. Now withdraw 0.1 BTC. Now what would the probability be that someone correctly guesses which inputs originally belonged to you? There's still a linked chain, in a sense you're getting your own inputs back.

So sorry, I will not allow you to portray us as a centralized* "no different than an exchange" "gambling" "gangster" "wallet", when really, we're a centralized mixer with provable privacy (you do not need to trust us not to keep any logs, unlike all other centralized mixers) and proveable honest communications.

(Okay, apart from gangsters... I guess you could call us gangsters given the lack of rep we have . We fully recognize it's good to be fearful.)

*In that regard we are absolutely no different than the service you are promoting, except with us you know that A. we don't can't (reasonably) keep logs. and B. we cannot dupe any individual user without it being provable. And of course we offer some additional features which we think are nice, but you seem to disagree. Unfortunate..

No one is forcing you to keep your coins with us. You can withdraw immediately after depositing. Just like any other centralized mixer there is indeed a risk we could exit-scam.

Not sure what this is supposed to prove either. Yes, we are a new service. You should treat us with caution as you would do with any other centralized entity. What, you wanted us to own this domain for several years? What exactly would that prove? I'm thoroughly confused.

Sorry if this post came off as harsh, not at all my intention. Just trying to clear up as much confusion as possible. And so yes, I fully understand that it might feel risky for people to entrust us with their funds. That's completely understandable and we also would've rather seen it differently, though the very nature of this scheme requires at the very least us to have custody over your funds.

Again, we fully acknowledge that there might be future exploits/hacks, and that we as of yet don't have any sort of respected presence in the community, and with that the perceived and real risk of depositing funds with us. Don't think we're at all sugarcoating it.

We also understand that there's not much reason for the community to support such a new project as us when there's no real monetary reward for doing so, so we'll think about that as well.

I really don't see any real advantage of using your wallet compared to centralized exchange, and we can argue that it's much bigger chance of you getting hacked and customers losing money.
Depositing to some centralized service like blindmixer just to save on fees is so stupid and could cost you much more down the line.

This is nothing special to blindmixer, many lightning wallets are custodial and they don't require from users to set up own nodes, but that is much less secure and users have no control over coins.

https://blindmixer.com/faq

That means that custodian can change dates, make wipes whenever he wants, so it's more like you are keeping coins with some gambling gangster and you need to trust him.
You can even receive your own coins back, that is unacceptable if we are taking about mixer, so this word should be removed from your service, it's just a centralized gambling wallet.

Domain registered recently:

I took the blinmixer domain in a telegram to avoid the tricks of scammers in the future.
If you need it, I'll give it to you, if not, I'll just borrow it on an inactive account.

I looked at the source codes of the wallets and it seemed to me that everything was pretty clean and simple. I hope you will succeed.

Good luck.

---

In short: blindmixer works both as a mixer and a wallet, but should really only be used as a  wallet to facilitate the former, given that blindmixer is fully centralized. blindmixer uses blind signatures to ensure that your inputs and outputs are cryptographically unlinked. Even we do not know which inputs originally belonged to you when you withdraw!* No other centralized mixer does anything close to this currently!



Apart from provable privacy we offer some additional unique features, most of which we can offer because we are a centralized entity:

• blindmixer utilizes in-house coin selection algorithms, allowing us to not only batch transactions at scale, but we are also able to make the smartest* choices when selecting inputs.

• blindmixer brings lightning to the average Joe. No longer will you be required to set up your own node, or use a separate wallet for your lightning transactions. blindmixer allows you to pay and generate invoices from the comfort of the same wallet.

• blindmixer is provably-honest. We will be unable to get away with duping any single person.**

• blindmixer offers their service at cost. Apart from very limited anti-dusting fees, all of blindmixer's services are ran at cost. There are no hidden fees.***

• blindmixer allows instant and free transfers between users.

* In comparison to the standard core selections.
** Every action both by the user and the custodian that involves funds requires a cryptographic signature, thus proving the intent of both parties at all times. Example: the user signs a claim-request (claim-request: request for (blinded) coins) for a hookin (on-chain deposit) with the public key of the address the hookin was made on.
*** blindmixer wipes the custodian at set intervals. This is both to make
A. money,
B. exit scamming less lucrative,
C. exploiting vulnerabilities less profitable.

---

What are the drawbacks?!

• blindmixer is still a custodial and centralized mixer. Through malice, error, or other causes, your funds* could potentially disappear at any given time, without you being at fault. *Your funds as in the collective of all of the users of a custodian. we previously explained it would be impossible for us to dupe a single user without it being proveable!
  

• blindmixer is a complex object. there may be unspotted vulnerabilities in the code which can cause a loss of funds, especially in the first few iterations. Be wary that any funds you deposit can be lost at any time, as we are too. There may be trivial exploits in the custodian code that allow for a complete draining of the custodian, such as a missed signature check.

In what scenario would I use this mixer?

We think blindmixer is to be fully appreciated when used as your day-to-day wallet. Used correctly, a transaction costs as little as a regular input. And that's not even mentioning the ease with which you can use our lightning services to pay for any service or everyday goods, all while retaining full privacy.

---

FAQ:
 Why should I trust you with my bitcoins?
   - You should not. Everyone needs to assess the risk they're willing to take with their coins, and we hope we offer enough to make it worth it for you to take that risk. There is no compelling argument we can make as to why we are worthy of safe-guarding your coins, because really, we aren't.

For more frequently asked questions, you can visit our FAQ

---

How exactly does blindmixer work?

In technical terms: blindmixer takes the bitcoin you deposited, and returns to you a claim to a set of coins equal to the deposited amount. Only you have the keys to those coins, and you use them each time you want to make a transaction. Due to how blindmixer works, we do not know your coins, nor the keys. We only know whether or not they are valid, and whether you are the actual owner of them.

For more detailed information, please check out: Overview

---

How to use:

Step 1. Visit mixer.blindmixer.com

Step 2. Choose a custodian.

Step 2.1 Choose both a password and a name. Save your password and mnemonic phrase!

Step 3. Deposit bitcoin through either lightning or a normal transaction.

Step 4. Start mixing!

---

Electron
blindmixer also offers an electron shell, should users be interested in using that. We think it could be of benefit to both your privacy and security.

For more information, please visit Releases

---

Source code

For those interested in the source code, our github repositories are publicly accessible. You are welcome to contribute or point out bugs.

For those who spot critical security vulnerabilities; please PM us here on bitcointalk or send an email to our support. No monetary compensation is guaranteed, though it is highly appreciated!

blndmxr-mixing-wallet
blndmxr-lib
blndmxr-wallet-electron
blndmxr-custodian

---

If you still feel uncomfortable, get a feel for the wallet by using our testnet custodian:

(UPDATED: 2022-06-1)


Rollover date of both custodians:


Our pgp key:

Latest wallet file as of 2022-28-04

Verify the checksum using
(UPDATED: 2022-28-04)
Or verify using the signature on our website (note: you can't directly copy this, please see https://blindmixer.com/releases)
Once downloaded:

---

Commonly asked questions:

A. You use cloudflare, isn't that bad for my privacy?
Answer: Only if you weren't using blindmixer properly to begin with. If you do not use a different ip between asking for a withdrawal and asking for acknowledgement of a deposit, we will most likely be able to link your in- and outputs together. As we see the custodian as the primary attacker, preventing this secondary attack vector on your privacy does not interest us greatly.

Why?

Because we do not want you to require any *blind* trust* in us in the first place. Removing cloudflare would probably have the opposite effect: users will more often than if we didn't remove cloudflare trust us to not log their ips, which is bad given that we CAN log it, undetectably. It's a good rule of thumb to expect that anything that can be logged will be logged. And so removing cloudflare does nothing to prevent us from logging your ips, but instead give some users a false sense of security, especially those who do not assume that the custodian is "evil", which is something you should always do. And so removing this vector while leaving the primary attack vector in place (us) does not make a whole lot of sense given the benefits of cloudflare.

*Again, some level of trust is required, but where trust is required, you can verify that we are acting honestly, until we are not in which case it will become apparent and proveable. This is not the case for logging ips, as you will never be able to prove or disprove this, so you should never trust us not to log it.

Keeping cloudflare in that regard might actually promote privacy, or at least make users more acutely aware of the lack thereof.

B. You speak of tor so much, yet blindmixer does not work in the tor browser?
Answer: Indeed. the tor browser does not give us (as far as we are aware) sufficient access to instances such as indexeddb, which are required to properly store data related to your coins such as signatures. The very nature of the tor browser (amnesiac) does not make it a prime candidate to be used in combination with blindmixer, as you'll have to restore your coins each time you close your browser. (both takes a long time and can easily deanonymize your inputs/outputs)
It will also not work without javascript, as we do all the signing to ensure fair communications client-side. You can however use any of our electron builds, or route traffic through tor on your regular browser.

C. How do you make money?
Answer: We wipe the custodian every so often. This means that all the funds that are still present in the custodian at that moment in time, we claim for ourselves, and the signing keys will be regenerated. This has some significant advantages:
I. We can run our services at cost. II. We are disincentivized to exit-scam. III. Other users are disincentivized to exploit our software (and more likely to report it for a share of future profits), as there'll be less funds present than if we weren't to rollover given that over time there will be a set percentage of users who will forget about their wallet, not care, or are otherwise unable to access it.

In your mixing wallet, you can see exactly when the wipe is scheduled for your custodian (https://mixer.blindmixer.com/, once logged in head over to "FAQ"), and we also mention it above (see: Rollover Date)

(UPDATED: 2022-06-1)
C. How do you make money?
Answer: We decay unclaimed coins every single month. In short: Every 4 weeks all outstanding giftcards will have their value reduced by 0.01 (1%) with respect to their original value. There is a 1 month grace period before any decay is applied so that you will always have at least 4 weeks to spend your funds without any additional fees.

---

Currently known issues:

• Custodian can dupe people who try to recover their lightning invoices by telling them they don't exist or don't belong to the claimant. However if you have a locally stored copy of the invoice this will be trivial to prove, so in general it would not be in our interest to claim this as we don't know whether you have a copy or not. (thus making it possible to prove the custodian is acting dishonestly)
  

Please ask us any and all questions you might have! We're just as curious as you! Try us and let us know what you think!