Topic: Can Coinjoin transactions be traced? Busting Bitcoin privacy myths! (Read 1704 times)

I suppose not if your standard of 'perfect' is 100% guaranteed privacy with no thinking involved. However, liquid coinjoins using the WabiSabi protocol create a practically infinite amount of results, you can attempt to trace participants yourself: https://mempool.space/tx/70aad1d92dd3fc6ddbd802ed20ed155472a5752126a0c3489b56fde6e4cf801c

I have read the whole thread and it seems to me that there is no perfect solution between these options(?)

Another Bitcointalk user attempted the challenge of tracing a WabiSabi coinjoin:


He failed to produce any results

A new challenger has appeared! dkbit98 claims Bitcoin is not anonymous. However, he was unable to trace a WabiSabi coinjoin:

Unlike coinjoins with a fixed output size chosen by the coordinator, WabiSabi coinjoins organize output amounts optimistically from the client side. When creating huge rounds with lots inputs, it's easy for clients to match their output amounts with each other. With smaller rounds, the efficiency decreases. For this reason, the default coordinator in Wasabi Wallet requires at least 150 inputs for a round to begin, but other coordinators may require lower input minimums. For example, this WabiSabi coinjoin only has 40 inputs: https://mempool.space/tx/9709771a2dc9a1343327776a1f52e6ae75adb981cabdab449408099d5851baf2

Oh, yes. The censorship chapter of this saga, unending. "You shouldn't coinjoin if you're a criminal" <-- they've literally said that. If you read that post, you can see Max arguing that Bitcoin is permissioned, and you can send "bad coins" only if you own hashrate or bribe a miner. And we're supposed to trust the skills of these clowns.

Oh, and since I've sent you to that post already, read my favorite part:

There is no solution to which coins are good and bad, but let's buy chain analysis crap data and grant them control over who gets to coinjoin and who doesn't.  

You don't have to trust me.


You don't have to trust Wasabi. It's trustless open source software.

At this point, any body who reads a discussion in which Kruw has participated and decides Kruw is to be trusted deserves the future consequences of their own stupidity.  Such as nodding their head in agreement to Kruw back when he pointed fingers at us for arguing against Censorship.  Whoever stood for the childish arguments Kruw had back then looks pretty silly now when you have Kruw himself running an uncensored coordinator, which is doing the exact opposite of what he said himself, which was that Censorship is the morally correct thing to do.

We both know Wasabi is NOT to be trusted and I would definitely have many other options over it.  Hell.  I would rather trust a Centralized Exchange which says up front that they impose Know Your Customer than some body like Kruw and the Services he advertises.  Particularly when equal or better competitors to Wasabi always get a spit in the face from Kruw with no reason when ever he gets the chance to do it.  I like people being up front.  Particularly when I decide whether to choose their product or not.  Tell me you arbitrarily ask for Know Your Customer and I will be an idiot if I drop my money thinking I will not be asked for it.  But when I ask a question and it always gets derailed, how the hell am I supposed to trust?  When Wasabi claims to be THE solution for Fungibility while differentiating one Bitcoin for another and THE Wallet for Privacy while imposing Censorship, which is very 1984 ish, how am I supposed to trust their product?

I forgot.  'Wasabi is TRUSTLESS!'.  Sure.  How dare I even THINK about trust.  I completely forgot their stance was different.  More like, ignore the red flags, shut up, close your eyes and hand us your Money.  Do not ask questions, or else you are an idiot.  And a Scammer, too.  And probably an Alt of Samourai.

Like I previously said.  Kruw could do astonishingly well as a Politician considering the expertise of avoiding any legitimate question, derailing discussions and talking about apples when asked about pears.  This is a skill no body wants but he proudly showcases at all times.

-----

Why can you not answer so many questions and always answer only what is convenient?  The glasses, Kruw.  We are back to where we started, they are either dirty again or you need to get your eyes checked because they seem to skip so many questions all the time.  I am starting to get really worried!

Yes. Why can't you answer that question?

Aren't you tired already from playing it stupid? I mean, Jesus. Do you think the viewers of your discussions can't tell you're one big hypocrite? You're really asking me to answer why I would rather use Whirlpool over WabiSabi, after all been said for the last two (or three?) years?

Literally everything in these questions has been answered in the past. Anyone still trying to figure out those answers can just use a search engine like ninjastic.space. The tl;dr is that Wasabi is a clown fest. I'd rather not engage in discussions about it anymore, if I may. I think I deserve this. There really isn't anything more to say.

Still waiting for the answers to all of these questions.

You are right you could argue that the maker or the taker switch their roll between coinjoins but joinmarket and whrilpool still would give a false sense of a higher anonset then it leads to believe. So it comes off as the makers being almost pointless and making the transaction fees not worth the effort. IMO I think wabisabi is a much better coinjoin system since all inputs are takers with unpredictable output spending. Wabisabi gets a bad rep for blocking certain UTXO's but I think this is a good thing because coinjoining with sanctioned UTXO's will label all UTXO's in the coinjoin as sanctioned.

When you look at a single JoinMarket coinjoin, you can often (but not always) determine common input ownership for the participants and track their change. However, this isn't a limitation that ever requires you to compromise your privacy because you can use the taker role to construct a coinjoin where you have only one input and one (equal sized) output.

Here's an example of a JoinMarket sweep transaction: https://mempool.space/tx/9c6479472e1f3b5861c86bc904d11814e715a84c21aa8d0dd0861e635555451f

You can tell this is a sweep instead of an outgoing payment because there are 9 inputs, 9 equal sized outputs, and 8 change outputs that can be easily connected to maker inputs. The taker's input was from bc1q2pcrqv8jshjalxdan9hdm6qsh0njtm7jxydct9, but there is no trace of his output since it could be any of the 9 values for 0.03846033 BTC.


Yes, common input ownership and toxic change are the same problems inherent to Whirlpool coinjoins as well. The main advantage JoinMarket has to defeat this problem is ability to coinjoin arbitrary amounts, so your toxic coins never have to touch each other. Whirlpool is limited to coinjoining fixed amounts (0.5, 0.05, 0.01 and 0.001), so every transaction you send or receive will require you to forfeit up to 100k sats in unmixable change in order to keep full privacy.

The second advantage JoinMarket has over Whirlpool is that Whirlpool cripples the privacy of users by requiring a premix "tx0" transaction. The premix conclusively reveals all the consolidated inputs are owned by the same person and links it with toxic change that can be tracked in future transactions.

JoinMarket mitigates this privacy leak by skipping the premix transaction and consolidating inputs directly in the coinjoin transaction. Here's an example of a 5 person JoinMarket coinjoin that consolidates 297 inputs: https://mempool.space/tx/63b28f5e17e03fef27795e1ea7fbf821e2d5f072098ffcef3d27b8b2d23ca719

This makes it difficult to determine which inputs belonged to the participant that created the 33677 change output and which inputs belonged to the participant that created the 44384 sat change output.


If 5 out of the 6 equal sized outputs created in the coinjoin end up remixing as makers in the future while the remaining equal sized output is spent in a unique way, the first guess someone would make is that the output that didn't remix was created by the taker. But, this is still a guess and not a 100% guarantee since the taker could have switched roles to become a maker, or a maker could have decided to stop remixing and spend their coins. So, you could have scenarios where all 6 of these outputs remix, or all 6 of these outputs are spent, or any combination in between.

I thought joinmarkets were still pretty easy to unmix. If theres only 1 taker and for example 5 makers in a joinmarket coinjoin it should be pretty easy to unmix them if you watch to see which output get used as inputs for more coinjoins then they are makers and if you can determine which outputs were makers then you can determine which output is the taker by process of elimination.

This is the same problem with samurai wallets whirlpool right?

Question for experienced JoinMarket users: How frequently do you participate in a remix as a maker?

LaurentMT confirms that Whirlpool's incentive model was designed to provide the least amount of anonymity possible: https://twitter.com/LaurentMT/status/1783589807668535563

Some Whirlpool users were rugpulled because they paid coordinator fees in a separate transaction from their coinjoin: https://mempool.space/address/bc1q6dxnvx3wm40e4rtmye6fwy9zmwnqchnz04pzaa

Mempool.space seems to have applied the "Coinjoin" tag to this Whirlpool tx0 transaction as well: https://mempool.space/tx/97a6b985f48c2faf4a3cb7c1e4b5a0ac230fd59aac33723101de9dd144bd735e

I wrote a blog describing how WabiSabi clients can avert future consolidation mistakes by preemptively remixing under certain scenarios: https://blog.wasabiwallet.io/exploring-secure-coinjoin-protocols/

This issue explains the assumptions a lazy attacker would make from observing spent coinjoin outputs and how to avoid imitating the known weakness of ZeroLink consolidations: https://github.com/zkSNACKs/WalletWasabi/issues/10565

Coinjoining takes time and block space, and since both are limited resources, the debate is consequential. No one wants to waste either.