To all the reviewers: When hiding addresses in your images, take care of hiding the
entire text. If you let a couple of characters visible then it's trivial for anyone reading to figure out the entire address.
Reviewing [banned mixer]
Mixers are increasingly becoming less appealing as solutions when compared to trustless techniques like coinjoins and XMR swaps over time. Therefore, for a mixer to be deemed competitive in today's landscape, it must meet a plethora of criteria. For that reason, I will try to be as much strict and constructive as possible.
1. First impressionI'd like to comment a couple of things before I make any deposits. Let me break them down.
Security- You rely on javascript. I strongly recommend you to either let people audit the code of both your front-end and back-end, or get rid of javascript completely. As far as I can tell, you're using /js/172201f7603a4c7f9dae6231933cbbde.js]jQuery which is known to suffer from several vulnerabilities. Can you tell which version is it? You should not use anything beyond the latest version, as it is known to having vulnerabilities. These particular XSS vulnerabilities can let an attacker inject malicious code into your page. (I don't believe you really need javascript, there have been large mixers without javascript in the past)
- /2356646]You have not DNSSEC enabled, which can significantly reduce the risk of various DNS-based attacks, such as DNS spoofing, cache poisoning, and man-in-the-middle attacks.
You have not set the Content-Security-Policy header (which protects from cross-site scripting).
Privacy policyI'm a little bit hesitant to using this mixer after reading its privacy policy. So, I'm basically agreeing that [banned mixer] implements coin filtering and I'm forbidden to using it if my coins are included in some illegal activity. I'd expect better policy from a service that is trying to enhance Bitcoin's privacy (and coincidentally, its fungibility).
/terms]4. PROHIBITED ACTIVITIES and COIN FILTERING
You accept not to engage "The Service" in any illegal activity or not to use "The Service" to adversely affect the performance or provision of services by "The Service". In addition, You accept not to use any Bitcoin created, received, or granted in exchange for or as a result of any illegal activity in "The Service".
[...]
COIN FILTERING
"The Service" may carry out verification and control of illegal activities with the help of a third party under a contract. "The Service" may terminate Your access to "The Service" with immediate effect for any reason - including, but not limited to, illegal or prohibited activities, at its sole discretion, and is not obligated to reveal the details of its decision.
You accept that "The Service's" decision to take certain actions, including termination for any reason at its sole discretion, may be based on confidentiality criteria that are necessary for "The Service's" security protocols and risk management. You accept "The Service" is not obligated to reveal to you the particularities of its security and risk management processes.
In addition, the user has to accept that they will not be revealed the reason their coins were rejected. I want more information and explanation on this. Why are you doing it? Bitcoins are fungible. Why do you treat the currency as non-fungible? It harms it as currency. How can the user trust a service with the aim to improve fungibility if the service itself doesn't treat it likewise? And which is the procedure followed if you deem their coins as "tainted"? Do you return them back to their address? The user will hesitate to using this, if there's a chance to confiscate their money (which seems to be).
The rest of your privacy policy seems fine.
Your FAQ pageWas this written on the go? Looks sketchy. There are lots of spelling mistakes like "brake", "concerned as a donation", "P2SH or Compatibility Address Format" (since when is P2SH called like that?).
I find your FAQ ambiguous.
- For example, in "Can I trust with you large amounts of BTC", what should the user do in bitcointalk anyway? Leaving it in splitting the amount in multiple deposits would be fine.
- Another question that comes to my mind is: is the user charged the mining fees? In other words, do service fees include the mining fees? You should clarify everything when it comes to the costs.
- In "Do you save any logs?", I'd correct it to "We do not keep any logs". You do save information, otherwise you wouldn't be able to delete it.
- You're writing "We use a TUMBLER CODE to be sure that you will not get your funds back". I'd change it to "We use a Tumbler code to be sure your coins will not have a blockchain connection". The former looks just bad.
- I suggest you to remove bitcoin.com from the linked page for verifying signatures. There are far better, open-source tools for verifying a message, without accepting bitcoin.com's strict privacy policy. Namely, Electrum.
A Bitcoin user seeking privacy would regard the operator of this service as inexperienced. This
is my first impression. Assuming you address these concerns, let's proceed to the crucial aspect; mixing.
At first, I'll be using Tor Browser v12.5.4.
Okay, so the design is pretty neat (even though I don't prioritize it at all). We have tumbler code, receiving address(es), service fee, fee calculator, delay, and an anonymizing meter. Again, let me correct a grammar mistake; in the question mark of the anonymizing meter, you would want "effective" anonymization, not "efficient". As for the "Security Level", as a reviewer I'm going to try them all, but honestly, as a user, you haven't convinced me of any particular essence. Where do Basic level coins originate from, I cannot make any sense. Let me quote it for you;
Basic level uses a pool that operates on a "peer-to-peer" system, wherein assets for payments to new customers are generated from bitcoins received from other customers.
Buzzwords, if you ask me. What "peer-to-peer" system, which customers, all of which happen where? Same applies for Standard and Premium:
Standard Level - its funds are coming from large Basic Level transactions, private resources of the system and depositors' bitcoins. For this reason, Standard Level funds are large.
Premium Level fund is not associated with Basic Level bitcoins. This premium pool contains the system's private resources and depositors' bitcoins.
What is a "private resource"? What's the difference between Standard and Premium? They both provide "private resources" as far as I can see. Seriously, did you write this in a hurry?
Anyway, let's move on.
Security level: BasicTo start with, let me try out mixing with the weakest anonymity meter, so I can tell how bad that is.
Parameters:
- Service fee: 0.4%
- Delay: 0
- Total receiving addresses: 1
I hit continue, I get warned for [banned mixer]'s sending address and terms of use, letter of guarantee is downloaded (and signature verified), coins are deposited.
A little while later, after waiting for confirmation, I got this:
Not the best thing that can happen to a mixer user.
So, a couple of minutes after I sent them a message, they responded with this:
support]Dear ---- ---------,
Thank you for contacting us with a request for assistance!
Our system detected that you sent money more than once to the deposit address. Maybe you tried to increase commission that is considered by our service the same. We can make a refund to one of the addresses specified in the output list or to the address from which we received the money. Otherwise we can make refund to address that you sent deposit from:
1. [removed]
2. [removed]
Which address do you prefer for a refund?
]
We’re glad you chose the our project. If there is anything else we can do to help, please let us know.
Best regards,
Support team
This is bad. Your system shouldn't consider replace-by-fee as a separate transaction. It's
literally replacing, as the name suggests, the older transaction. Also, why am I one who paid the error? I sent 100,000 sat, received a few thousand less. It isn't my fault than you don't take into consideration RBF, you should at least warn somehow during the mixing process.
Attempt #2. Everything worked, I didn't use RBF and I instantly got my mixed funds. So, at this point I'm going to share the TXID, so people can check and rate the anonymity set.
Received bitcoin in: bc1qvmgfa9zedvh8ger43yv9mju8t5aw275vpa5tu9. Coin history of the the address that paid me looks like this. Very average, could have accomplished better levels of privacy with a small Joinmarket coinjoin.
Security level: StandardParameters:
- Service fee: 1.80%
- Delay: 0
- Total receiving addresses: 1
Received bitcoin in: bc1qthpl93rv7908hyr46w8sr52kcz9ynxvt5mt3hc.
Coin history looks as following. Seems like the address that sent coins to [banned mixer]'s withdrawal address comes from some sort of exchange? I searched for it in walletexplorer.com, and as it turns out,
it belongs to one of the wallets they're actively tracing. I wouldn't want my mixed bitcoin to be related to that. Additionally, I don't acknowledge much greater levels of privacy than with Basic. Let's move onto Premium.
Security level: PremiumAt this point, I'll be using Chromium browser (117.0.5938.92) in Ubuntu 22.04.
Parameters:
- Service fee: 3.60%
- Delay: 1hr. 46min, 3hr. 38min respectively
- Total receiving addresses: 2
Let me confirm that I will get my coins on time.
(3hr. 38min later)Alright, so I do confirm that I've got the coins on time. Coins received in - bc1qjeej3ahzvwkekaem069r25enxrm0vgh0yd06qv - and - bc1q5z8gq8er4aw4stl6fj48wmreeq409lywu32esg. Let's have a look on each coin history.
That's pretty disappointing. I paid for premium, anonymizing meter signaled "Strong", used Tumbler code to let the service know with which outputs I don't want my mixed coins be connected with, and instead, I got one mixing and two regular transactions which are directly connected. Literally, the former is the change of the other.
If the images confuse you, let me use ASCII:
(#1 withdrawal)
┌───────────┐
┌──►│bc1q...06qv│ (#2 withdrawal)
┌─────────────┐ │ └───────────┘ ┌───────────┐
│3ELb...v2MJZ9├───┤ ┌──►│bc1q...2esg│
└─────────────┘ │ ┌───────────┐ │ └───────────┘
└──►│3GAha...rhb├───┤
└───────────┘ │ ┌───────────┐
(mixer change) └──►│3AuK...zabP│
└───────────┘
(mixer change)
ConclusionsThis is a very bad mixer. Sorry, but I'm being paid to tell the truth here. I'm genuinely curious as to what the rest of the users see that I don't.
Here's a list of your cons that you should
absolutely work on:
- Actual mixing. When the user receives mixed coins, they have to look mixed. That's the point of the mixer; to improve fungibility and privacy, and the manner to accomplish it is to make it difficult for outsiders to de-anonymize known-mixer outputs. However, there needs to be a discernible indicator that these coins indeed originated from a mixer, so that anyone attempting to trace them can give up.
- Privacy policy. As I previously said, the user expects you to treat them equally. They want fungible outputs, you must treat theirs equally. That's your job. To take "tainted" / "bad" / whatever coins and create completely indistinguishable / fungible coins.
- "Security levels". The user has no manner to verify whatsoever how their "Premium" coins are more private; which is a lie in the first place as I demonstrated. Premium coins which I expected to withdraw on different addresses, were withdrawn with direct blockchain connection. Minimum privacy there.
- Pricing. Please explain me why each receiving address costs an additional 20,000 sat. Your fee range of 0.4% to 3.60% is quite reasonable. However, as you've acknowledged, I didn't receive an equally good product for the price I paid when comparing the "Basic" and "Premium" options.
- The site's ambiguity is pretty unattractive and demonstrates amateurism.
- Javascript requirement is concerning, provided that mixers are targets for DDoS and other sort of attacks.
Here are some less significant things to account for:
- Segwit nested in deposit addresses. Both you and the users can enjoy less expenses if you only use Segwit native. (the argument of "using different address types for better privacy" I've previously read above is ridiculous)
- Replace chat with e-mail support. It's just more professional and user-friendly IMO. If message privacy is a concern (which should be), add a PGP public key.
- Separate blogging. You don't really need a blog under the same place where the mixer is. It increases the chances of someone exploiting a vulnerability. The more the scripting under [banned mixer], the more the attack vectors. If you really want a blog, just rent another server and run it under a sub-domain (i.e., blog.[banned mixer]). It depends, at least, on under which script is this blog running. That's another reason why you should let the people audit the code.
- Overpaying in fees. I checked your transactions, and it appeared that every single time, you used at least the maximum fee. Nor the user, neither you need to lose money on that, if the user clarifies that they are not in a hurry.
- Languages are problematic, and that's why I'd recommend you to keeping it English only. For instance, if you change the language, blog posts or terms of use aren't translated.
- Genuinely curious: do you really need a 278kb (!!!) /css/75139cd7b255a51d80cca418c007a487.css]css file? If I asked you to describe me in detail what it does, would you confidently answer that? You're trading security for comfort here.
I will edit this post in the future if needed.