Topic: Coin mixing vs coin joining vs Monero converting (Read 569 times)

I certainly wouldn't be sending directly from one exchange to another, but sending the full UTXO from one address to another achieves very little on any coin. If an adversary can't see your transactions (Monero) then adding extra hops does nothing, and if an adversary can see your transactions (Bitcoin) then extra hops which move an entire UTXO are most likely going to be a self transfer and so are easily traced. Hence my recommendation to split the UTXO up across multiple addresses and multiple transactions.

Absolutely. You should assume that every centralized exchange you use (KYC or not) is sharing your data and your activities with each other and with blockchain analysis companies, because almost all of them are. Amount matching is an easy way to link accounts as belonging to the same person, especially if the withdrawal from one exchange and deposit to another exchange are within a relatively short space of time.

True, but you should be careful not to combine coins which have previously been linked to your real identity with these coins you are trying to obfuscate. Although important for any coin, it would result in a complete failure of the process if you did it with bitcoin.

Okay. I remember being recommended the 2 adress solution in my early days with Monero. Maybe something has changed since then and it made more sense then?


Your example that both exchanges know each other was exactly in my mind.

The blockchain analysis due to the amount minus fee situation is not only a problem with Monero.

Another possibility to the method of splitting is to send a small additional amount from another XMR-adress to the withdraw wallet. Then the sum that arrives at the exchange #2 is greater than that from the exchange #1.

That sounds terrible. To register at Binance, you forfeit every single square of privacy you're left with, due to mandatory KYC. Secondly, Binance is known to cooperate with chain analysis companies. Even if KYC wasn't a thing, I'd expect zero obfuscation from a service like Binance, because they'd surely hand your activity to their partners (e.g., what you deposit, what you buy, what you withdraw, where you withdraw etc).

Some amazing information in this thread, bookmarking it for later when I need to mix my coins.

So far I have been using chipmixer (not promoting them, use at your own risk) for mixing my coins and I thought there was no other way to mix the coins. Before chipmixer I would simply deposit to Binance and Poloniex (before Binance) and withdraw them after a few meaningless trades.

I have heard Monero is untraceable but not sure how it works, I will be learning a lot from this thread though, thanks OP  .

Given the way in which Monero works, and assuming you are doing all this via your own node and not relying on someone else's node, then adding in an additional address in the way you have proposed adds very little to the process. The first exchange will not be able to see where the coins sent to the first address go, regardless of if they go to another address you own or directly to a different exchange. Similarly, the second exchange will not be able to see where the coins from the second address came from, regardless of if they came from another address you own or directly from a different exchange.

What is far more likely to compromise your privacy here is that you have withdrawn x amount of Monero from exchange 1, and then deposited x minus fees amount of Monero in to exchange 2. If the exchanges talk to each other, or share data with third parties (which is likely), then it becomes possible to link your withdrawal on one exchange to your deposit on a different exchange. So instead of simply moving all the coins from one address to another, you would be better served moving all the coins from one address and splitting them across two or more different addresses in non-equal amounts, before changing some of them back in to bitcoin now, some of them back in to bitcoin later, some of them back in to bitcoin later still, and so on. Even better if you use multiple different exchanges or trading partners to do this.

To ensure more anonymity would it not make more sense to interpose the route with two XMR-wallet addresses?

BTC -> a non KYC exchange use a free / disposable email -> convert to XMR -> withdraw to XMR-wallet 1-> send from XMR-wallet 1 to XMR-wallet 2 -> send to another non KYC exchange with a different free / disposable email -> convert to BTC -> withdraw.

Actually, I don't see how that's a problem. Honeypots, if there are, would come with good connectivity-- like tens of nodes with sufficient liquidity. But, when you make a payment the intermediaries don't know about the sender, nor the receiver. Even the receiver doesn't know the sender (unless he's chosen to reveal the public key on purpose).

There's indeed this problem, but BOLT12 aims to solve it.

It's possible to access it through clearnet, I just find no reason to.

Well, that's then immediately discounted then. I have no interest in using a service which uses blockchain analysis to examine my deposits and attacks bitcoin by buying in to the nonsense of "taint".

It's as centralized as every other DEX (other than Bisq) in that it runs via a website (trading only possible over Tor), but is focused on Lightning trades. Their escrow/bonds work via Lightning hold invoices, which probably requires as little trust as possible when compared to other DEXs (again, other than Bisq). n0nce posted a nice review several months ago: https://bitcointalksearch.org/topic/review-robosats-bitcoin-lightning-on-off-ramp-no-kyc-p2p-tor-5405549

I think it is about convenience.  Swaps are done instantly with enough Confirmations and there is no need for BTC security deposits.  I used all three of them.  Fixed Float was one of my top choices for a while, but they recently started selectively scamming freezing deposits if they think or are told you are bad.  See this topic for reference, it is a fun read indeed https://bitcointalksearch.org/topic/bestchange-keeps-scammer-exchangers-and-probably-collaborates-with-them-5424907

Last time I used them, Fixed Float and Side Shift have fees around 0.5%

How does RoboSats work?  I notice you primarily like Peer to Peer and Decentralized services.  Is RoboSats a Centralized service?

-
Regards,
PrivacyG

Whenever I want to swap BTC/XMR or vice versa, I always do it via Bisq/LocalCryptos/LocalMonero or someone I trust on this forum, or more recently via RoboSats. How good are these services in comparison? What fees do they charge?

Worth pointing out that if you use Whirlpool you must use it via your own node or else your xpub is shared with the central coordinator.

I notice you say you use Sparrow wallet - have you used Whirlpool via Sparrow? How does it compare to Whirlpool via Samourai?

coinjoin/mixing/monero will all improve your privacy, but you need some basics first.

first thing you need to learn is coin control of your UTXO's (unspent transaction outputs). think of UTXO's as individual coins & notes in your physical wallet (just in digital form)
- I like to use free & open source wallets like sparrow wallet, which makes UTXO management very easy. samourai wallet for mobile. if you spend across multiple UTXO's, you can destroy your privacy in an instant. most wallets will do this by default.

second, run a node & connect all your wallets to it - when all your transactions go through your own server they can't be censored & you won't dox your IP if you're running over TOR. i like mynode or raspiblitz - they're like a swiss army knife for bitcoin.

if you screw up these 2 steps, all the privacy you gained through coinjoin/mixing can be undone.

privacy tools - they all improve your privacy in some form, however they all have their pros & cons - used in conjunction with one another, much more powerful.

the thing about bitcoin privacy - you need forward looking & reward looking privacy.

you can coinjoin into oblivion, but if the last spend is done incorrectly/to a KYC destination, it will undo all your privacy. I think coinjoin + lightning is good - transactions aren't public & you can hide your spend UTXO (however there's considerations).

when spending on lightning you want to choose a relatively well connected node (but NOT a honey pot or where you're actually sending the funds). You want to route your transaction through another node (perhaps multiple) to hide your UTXO. Lightning will do this automatically if you send to a destination you're not actually connected to. i wouldn't receive on lightning at this stage, unless you can cover your tracks after receiving it.

there's no reason why you can't throw an XMR transaction into the mix too - using fixedfloat, sideshift.ai, coinswap.click. You could also perform these swaps in a TOR browser. there's plenty of sites to swap without KYC. check out kycnot.me. there are atomic swaps BTC - XMR without a trusted third party, however I don't feel comfortable using it yet - looks like it's for advance users. if you need to go back to fiat, you can exit using XMR throught bisq or localmonero. both are great IMO. need to stop using KYC exchanges & go P2P only.

personally i don't like mixing services - they could be honey pots to catch the people who want privacy. I like whirlpool & join market, or a combination. i prefer join market as there's no central co-ordinator, coinjoins are much cheaper & use can coinjoin any amount. however, whirlpool has a massive liquidity pool, so that's a huge benefit too. anon set is probably way higher than join market. different strokes for different folks. depends on your threat model.

lately i've been playing with liquid & statechains on mercury wallet. just more options to throw into the mix.

obviously, if you can buy BTC/XMR without KYC, you can avoid a lot of the headache above, however i'd still use it all, privacy is a must in these times.

the more the merrier - they're pushing more & more surveillance & control on the us, we need the tools to push back. none of it is ethical, privacy is basic human right.

Why wouldn't you use all of them, and I would also add Joinmarket in that bunch.
There are also other options like using Lightning Network, or using Layer 2 Bitcoin wallets like Mercury that uses statechains.
I like to have more options when I want to have more privacy, and combination of more tools is certainly giving better results.

Depends. Let's say you are using Electrum on a public computer. Whatever server(s) your copy of Electrum connects to will be able to link all your addresses to that IP address. Let's presume you connect over Tor so your IP address doesn't give away your rough geolocation or anything like that. What else do you do from that session which could then link you to your addresses via that IP address? Do you log in to an exchange account? Do you communicate with a trading partner via some third party platform or software? Do you open another wallet, linking those addresses to the first set of addresses? It all depends on your exact activities.

Keep in mind you can always set up your own node and Electrum server on your home computer and then connect to it over Tor from all the public computers you are using - you don't have to run the node on the public computers themselves.

Do not forget something very important.  Make sure you time things properly.  It is very important to make it least possible to correlate devices, time stamps et cetera.

For example.  If you have to launch your Bitcoin Full Node and then the Monero Full Node, do not do it simultaneously.  Do not close them simultaneously either.  The more time there is in between two actions, the less likely it is to link the two actions together.

I never open my computer, immediately start posting and shut it down afterwards.  If some body was interested in revealing my identity, they would know PrivacyG logs on when X's computer made a successful Internet connection and logs off shortly before X's computer disconnects from the Internet.  If you have 10 separate Bitcoin addresses, it is just as bad to move all funds the same day every time.  By doing so, some body will know there is likely a link between them.  If you are going to launch Chip Mixer, do not search on a separate device how to use it or stuff about them.  This can be a privacy breaker.

When spending Bitcoin or Monero, make sure you do not spend about the same amount every time.  If you send 0.01 BTC to an Instant Exchange for them to turn it into say 0.05 XMR and next time you spend 0.05 XMR minus change to receive the equivalent in Bitcoin minus change, they can put a question mark in between the receivers and senders.  Because even if both Exchanges go from and to other addresses every time, they will have this log

0.01 BTC from address A turned into 0.05 XMR sent to address B
0.0499504 XMR from some body turned into 0.00993432 BTC sent to address C

While they are not completely sure the addresses are linked, it now becomes a possibility that address A is in fact address C.

Thought it would be important for you to keep this in mind.

-
Regards,
PrivacyG

Considered all of that and its a green light. Now, considering that, is there any benefit to running my own full node?

I'm assuming you mean P2P? Not really.

Their ToS doesn't mention word "vpn", "proxy", "tor" or "hide". Although their privacy policy mention about prevent fraud/monitor anomaly using third-party.


I don't know about HodlHodl, but Bisq use Tor by default.

---

Honestly i don't know.

You certainly won't lose anything by doing it, but I'm not sure you would gain anything. As long as you make multiple trades and don't trade the exact amount all at once, then I don't see any real downside to just using Bisq.

I wouldn't recommend any centralized exchange at all. RoboSats is another option besides Bisq. More here: https://kycnot.me/

You need to consider the risks of doing all this in public. Are there people that can see what you are doing? Are there any cameras? Are you sure the computer you are using doesn't have some monitor device attached to it, such as a hardware keylogger, which would not be mitigated by your use of Tails?

For your method of fiat? Can you swap it to USD or similar first?

Thanks for this heads up. Good to know. Is the usage of VPN in their T&C? What about Bisq and Hodlhodl? And how do you resolve this issue if they dont give you back your coins even after verifying like what you linked? Who's law are they under?

Notice step 5 and 6 where %70 is sent to Hodlhodl and the remaining %30 to Bisq. Is that unnecessary, to divide the coins? Or just do all of it with one exchange (e.g. Bisq)? If it is a good idea, then is Hodlhodl good? And since you said to not use Kucoin, then which 3rd exchange do you recommend (besides Bisq and HodlHodl)?

What's the problem with that if using a public computer with a public ip? Downloading the entire blockchain will take 24 hours, which isnt feasible over a public computer.

No buyers

Maybe on a public block explorer, but you aren't fooling professional blockchain analysis firms by simply splitting UTXOs up and then recombining them later.

You don't know (unless you are also collecting extra data such as IP addresses from light wallets or similar), but if there is a transaction which combines several UTXOs, all of which can be traced back to a single UTXO in the last couple of parent transactions, and indeed comprise the entirety of that UTXO, it is a very reasonable assumption to make.

It's not a bad solution, but I would avoid using KuCoin or any other centralized exchange at all since they all track your movements and report to blockchain analysis companies. Far better to use a proper DEX such as Bisq for this step, just as you do at the end. And you should be running your own node for both Bitcoin and Monero rather than using light wallets depending on someone else's node.

A simpler solution all round would be to return your KYCed bitcoin to whichever centralized exchange you bought them from with a KYCed account, sell them, withdraw your fiat, close your account, and then take that fiat over to Bisq and buy completely unrelated non-KYC bitcoin.