Topic: Coin Join and obfuscating identity, balances, privacy. Is it advisable? (Read 453 times)

Guess it's time to learn something new, you can do it one step at a time. Ubuntu and Wasabi Wallet/Electrum (with Tor proxy enabled) is good start.

Sadly, I use windows and have a plug and play education 
Thanks for reminding me where this rabbit hole starts. In this case I'll likely be waiting for dev tools in windows or other HW solutions focused on privacy. For now I'd just like to break analytics and the connection to identity. Can Trezor conceivably know my identity from my use of mytrezor.com or my use of the bridge to wallet.trezor.io?

right, but if you use the mytrezor.com web wallet, I ***think*** the website can access the extended public keys (xpub) for each address chain for your seed. If that's correct, SatoshiLabs have access to all the information about all transactions for all addresses generated from your Trezor seed, despite not knowing the seed itself (this is assuming the way the mytrezor.com web-wallet operates, I may be wrong)


the ways to use a Trezor hardware wallet with address privacy in mind are:

• using the python-trezor cli tool from https://github.com/trezor/python-trezor
• using the HWI cli tool from https://github.com/bitcoin-core/HWI
• doing either of the above only ever using addresses from hardened derivation keypaths (which means any leak of xpubs doesn't leak any of your public keys)
• doing all the above using a reasonably secure OS (i.e. not window or macos)

I myself use python-trezor at the moment (with the help of some bash scripts that use both the trezorctl and bitcoin-cli command line utilities). Future incarnations of the HWI tool will be more integrated into the Bitcoin Core wallet, the 0.20.0 release in May includes a big step forward in that direction (a vast overhaul of the wallet code that allows the flexibility to, i.e. in this case let the Trezor act as the transaction signer for a watch-only wallet kept on the computer running Bitcoin Core). In the end, IIUC the goal with HWI is to make a GUI interface that's accessible from within the Bitcoin Core Qt GUI, maybe some of that will be included in 0.20.0 with any luck (ping @achow101 who's part of the work on HWI)

Trezor does not know your seed (it is generated when you set up your wallet for the first time), so they cannot ever have access to your wallet. The same way should be with any other client. Only you should ever be setting up your wallet and generating your own seeds. You should be the only one seeing it. So if you ever get pre-generated seeds with a new client or device or wallet, please don't use it, because of precisely the concerns you just had.

On whether or not you should use a new wallet -- I actually don't know myself, but I do generate a completely new wallet whenever I do a privacy-related consolidation of my bitcoin, that has no other connection to anything else but to receive my mixed bitcoin.

I've been thinking much more about using a coin join service since my OP and in my attempts to fight for privacy in general, it seems logical that my coins should not allow analytics at this time. One part I'm still confused about before I attempt this is whether or not my Trezor is linked to my coins, perhaps by my seed and ultimately known to Trezor company? What if they are acquired in the future? 
Is is advisable to use a different seed or entirely new Trezor after the mix finishes? One that would only ever receive coinjoins and never from an exchange or KYC source.
 

last point
examples of ramifications are:
arrested for money laundering
arrested for tax evasion
arrested for running an unlicenced money transmitter business
arrested for linkage to criminal funds
and many more

did you know that there are ACTUAL cases in the world where people end up spending more money on defending their innocence than what they would have lost if they were guilty. more than the assets seized themselves

a good example is BurtW
http://www.jmwagner.com/

in short all he done was buy and sell btc for his own personal spending/investing.. then he got a knock at the door

i am truly laughing at danny
i mean come on danny do you really think that my use of
->
was a big long technical and detailed explaination
do you really think that the complexity of -> truly has the depths to sum up and explain it all
or....

to save waffling my point
as previous posts point out is innocent party B ends up with taint from dodgy person a
oh. and by the way mr hamilton. coinjoin is not some feature that is absolute in its utility

take this example. heck ill even use your more sophisticated alphabet use to describe it
yes ill use C because that seems to make a whole lot of difference
.. and then ill simplify it down to get to the point

a ->c1 -> B
d ->c1 -> E

b - c2 -> A
e - c2 -> D

which simplified still gets you

a-> B
b-> A
i simplified it because
B doesnt care about A or d or D or e or E.. all B cares about is a
A doesnt care about B or d or D or e or E.. all A cares about is b
and thats the point

the topic creator was not asking for a technical breakdown of the coinjoin mechanism he was asking more about advice of whether its safe, legal and morally ok to use coinjoin.. you know.. will he get a knock at the door for accepting funds from undesireables

topic creator used terms like "prove origins of their BTC to a court, tax authority or similar? "
"ramifications"
"privacy"
not
'gimme a technical detailed post about how coinjoin moves funds'

but have a nice day.
its been a laugh

keep up the centralist core dev kiss assing by the way +5

That's great, and I'm sure there are other improvements as well.  My point is that coin join doesn't simply swap coins between two participants (fully implicating one user in another user's crime) as franky1 attempted to imply.

Regardless of the methods I described, the method you've described, or some additional methods, the point remains that franky1's post was misleading and inaccurate.

great, but then all the outputs can easily be identified as a Coinjoin.


this is a better scheme (a more current method that defeats another form of analysis)


2 participants, A & B:


A: 0.40
A: 0.20 \               ----= 0.60
               \           /
                 -------
               /           \
B: 0.30 /               ----= 0.60
B: 0.30

(fees ignored to simplify, imagine they both paid 1000 satoshis and each received 0.59999 if it makes you happy )

Now, with only 2 outputs, analysis cannot make a reliable suppostion that this was a Coinjoin, it might have been, but it's not beyond doubt. 1 person making a transaction typically only uses a payment output and a change output. You can say "oh some people are more sophisticated than that, simply having 29 outputs that are 1 BTC each doesn't mean it's a Coinjoin". And that's completely irrelevant; if some chain analytics outfit deems it a Coinjoin, it is a Coinjoin, and it's then not difficult to convince someone unsophisticated (who might be playing some important role in relation to a particular transaction) that it's a Coinjoin either.

If you do a transaction like you suggest above (dozens of equal sized outputs), send it to some do-gooder merchant or an exchange, and they report you to the "Bitcoin Police" for being suspicious, what are you going to say then?

This is NOT TRUE.

This is NOT how COIN JOIN works.

Here is a slightly more accurate representation of what happens with coinjoin:

(a) -> (c)
(b) -> (c)

(c) -> (A)
(c) -> (B)
(c) -> transaction fee

All of the coins from (a) and all of the coins from (b) get mixed together into a single total amount of coins.
Then (A) gets paid their share of the coins from that total, and (B) gets paid their share of coins from that total.

Note that, if there are ONLY 2 people participating in coinjoin, and the senders are using ONLY 1 input each, then it can still be pretty easy to determine who is paying whom.

For example, imagine that (a) pays a single input of 0.01 BTC, and (b) pays a single input of 2.0 BTC. Then imagine that (D) receives a single output of 0.0099 BTC, (E) receives a single output of 1.9999 BTC, and there's a transaction fee of 0.0002 BTC.  Even though (a) and (b) get added together into a single amount of 2.01 BTC, and (D) and (E) are each paid from that 2.01 BTC total...  It's still pretty obvious that the 2.0 BTC from (a) were intended for (E) and the 0.01 BTC from (b) were intended for (D).

However, as more participants get involved, and payments are made from multiple inputs, it becomes much more difficult to determine who is paying whom.

Imagine instead that the inputs look like this:
(a) 0.15 BTC
(b) 0.15 BTC
(c) 0.15 BTC
(d) 0.15 BTC
(e) 0.15 BTC
(f) 0.15 BTC
(g) 0.15 BTC
(h) 0.15 BTC
(i) 0.15 BTC
(j) 0.15 BTC
(k) 0.15 BTC
(l) 0.15 BTC
(m) 0.15 BTC
(n) 0.15 BTC
(o) 0.15 BTC

(Total = 2.25 BTC)

And that the outputs look like this:

(P) 1.9999 BTC
(Q) 0.0099 BTC
(R) 0.1399 BTC
(S) 0.1 BTC
transaction fee = 0.0003 BTC

Now it becomes much more difficult to determine just how many people are paying, how many people are getting paid, how many "change outputs" there are, and who is paying whom.

I think the best time to use CoinJoin is when you don't need it right at this moment, but preparing for a future transaction that you'd want to separate from the rest of your other transactions.

That would mean, you have to keep a certain amount of balance in your wallet available for use, and you don't necessarily buy BTC from an exchange to use soon.

In this instance, and I'll provide an example, say you accumulated or bought or mined or otherwise acquire some 100 coins. You intend to buy something or pay for a service later which would cost maybe 1 coin.

So that service does not know which exchange you bought your coins from, or it's history, and how it's linked to any other coins you have, you decide to CoinJoin the original 100 coins, either with Wasabi or JoinMarket or any number of other participants, maybe worth a few thousand coins, then have those separated into different addresses when sent back to you, maybe 50 addresses, each one having maybe about 2 coins each.

Furthermore, you decide to hop them a few more times just to separate them from the CoinJoin transaction.

By the time you do your planned transaction with any merchant, or whoever you're going to pay, all they will see is that it come from one of your wallet addresses that had 2 coins, and before that it came from another address, and before that it came from "somewhere" and they wouldn't care that far back anymore.

At most, they'd know where your change went, but most likely they would not care at all what happens to it. They only care that they were paid.

This is how it should be with most transactions. Eventually, the chain analysis will stop since they can't trace stuff back anymore, although I've heard it, they only really check 3 hops away from the deposit or payment address they give you, just to make to make sure it doesn't come from any known bad or evil addresses.

Now if you did everything I said above, and your CoinJoin is also a stealth CoinJoin that isn't noticeably or obviously a CoinJoin, that would be even better.

Is privacy evil then? If privacy is evil why do we still allow so much secrecy in public sphere? I thought the bitcoins belong to people and they have every right to hide them? Should I not hide what belongs to me?

If privacy has become evil, our laws should make it clear that privacy is pure evil,so that all humans on earth can destroy their  windows, doors, fences and probably begin to walk naked.

But to be fair to the authorities, most public transactions should be available to the law enforcement agencies if they find something suspicious. But things should be done in such a way that the laws that guarantee privacy is not violated.

isn't that counter productive?
using such service but want to proof your holding to authority afterwards?
anyway, you can just simply show the connection between the origin and the final balance
all connecting transaction ids and give proof that you have indirect/direct control on both addresses
and by doing so, you lose all your privacy and the principal benefit of coinjoin use

none of that is relevant if your Coinjoin isn't noticeably a Coinjoin.

I have yet to hear of a case of mixed coins being rejected from anywhere, though of course many of them refuse to tell you why you're getting the boot.

So far it's all been from identifiable sources that break the terms and conditions of wherever the coins end up. The first place that does do it is going to attract a very large dollop of ire.

there's a simple, undetectable way to do Coinjoins: 2 party


when dozens of people do a Coinjoin in the same transaction, using e.g. Wasabi wallet, that tx is completely obviously a Coinjoin when viewed on the blockchain. All the outputs are the same quantity of BTC, it sticks out pretty badly.

But if you do a Coinjoin with only 2 (maybe 3 maximum) people, and do not use identical amounts as the outputs, it's impossible to tell that apart from one person spending their own money normally just by looking at that transaction on the blockchain.

The Coinjoin wallets should really go in that direction IMO, as it has another advantage: if you pay for something using a 2-party Coinjoin, the store you're buying from can use it as an opportunity to squash small BTC outputs they have collected from other customers into a bigger one, and they don't need to pay for the transaction, as it's you that's paying them! everyone's happy

not exactly. once outputs are multiple hops from the exchange, then at best, blockchain analysis can give some degree of confidence regarding identity. nobody can prove anything about those latter transactions just by looking at the blockchain, especially if a user knows how to avoid cluster analysis. the coins may easily have passed through multiple hands. in fact, bitcoin can theoretically be used as a physical bearer instrument, so coins could even be passed around through multiple parties without transacting on the blockchain.


the person would need to prove the origin sans blockchain analysis. typically, that's how it would be done anyway---a person pointing at a bunch of public addresses on a blockchain explorer isn't proof of anything anyway.

bank statements, receipts, trading records, service withdrawal records, etc


nobody can speak to that, unfortunately. the FATF travel rule is unprecedented and some exchanges have reacted by de-listing privacy coins. we could see obfuscated transactions like coinjoins (and also centralized activity like traditional mixing) receive increased scrutiny from exchanges as VASPs become increasingly regulated.

AFAIK,  exchanges are reluctant to top accounts with  the coins that went trough shuffling services and some of them which are on everybody's A-list   even refuse to do that. There are small exchanges  which don't pay attention on that, it's true, but what's the point of ₿ mixing, if its whole blockchain is fully transparent in the eyes of deep analytics.

Thanks for the replies.  The argument is fairly clear and it looks like I'll avoid coin joins for now until things get clearer.  There's a lot of hype/support from regarded persons in the community if this has recourse potential.  I'd not be happy to learn later that I had been trading coins I worked and paid dollars for, for stolen coins. 

but when only those using coinjoin are predominently those wanting to do bad stuff. then the stash of coins in the mix is predominetly bad taint

again you might be trying to hide taint of a victimless petty crime, but getting taint of a more nasty crime instead which makes you then have to explain why u got the coins, who from. the purpose. etc.
using money laundering/mixers/coin join does not absolve you from having police knock at your door. you can stil have assets seized. your hardrives taken from you and inspected and asked to be interrogated in police custody.
its like people also think buying btc cheap and at pric rise buying a lambo with it absolves them of paying taxes. sorry but if you on normally $30k a year/modest life but suddenly your spotted with a lambo registered to your address.. you will be looked into as to how u funded the car.

i know this, gmax knows this . its why he went on to try to find ways to get more 'clean' coins from innocent users into the mix and why
some wallets that use coinjoin are trying hard to get innocent people to use it too, to reduce the % of bad taint

imagine it like a underground cafe where people can discuss less favourable things in confidence. patrons attending there are usually higher chance of having done a crime else they wouldnt need to use it. so if a cop went to a regular cafe and the dark cafe and just randomly picked a person from each. i can guarantee you if u investigate hard enough the chances of the dark cafe patron getting arrested for something is much higher. and thy got caught not from the crime itself, but from just being at/using a service known for notorious purposes.

why do you think exchanges, without even knowing if an actual criminal is using an exchange just blacklists coins that have simply gone through a mixer.

what your not seing is these few things
1. in many countries a court only needs a 7 of 12 jury consensus saying guilty.
2. innocent people dont even want the police to knock at the door. definetly dont want to be hand cuffed. dont want to be questioned, have funds seized, computer/devices examined, put on bail and left waiting for months just to see a court date to hope that a judge dismisses the case..
again innocent people dont even want to get to a stage to even want a judge to be standing infront of them.

just being accused of a crime or even just questioned by police is more stress than innocent people would want.

but i do laugh how you think it should be acceptable for normal common folk to be standing infront of a judge to be told by a smart judge that there is no 100% unanimous proof thus dissmiss the case.

and you only need to look at police reports and court documents to see that many many many people who are later found innocent have been put through the legal system and it affecting their life needlessly