Topic: CoinJoin: Bitcoin privacy for the real world (Read 294493 times)
As far as I’m concerned, I eat healthily overall every day, but I regularly treat myself to cake and cheat meals. As the year has gone by, I have probably seen my body tone up a bit, and I’ve lost some weight. But I haven’t turned into a fitness machine, and probably you won’t either. Seeing noticeable and lasting results often requires more intensity and a flawless lifestyle.
As far as I’m concerned, I eat healthily overall every day, but I regularly treat myself to cake and cheat meals. As the year has gone by, I have probably seen my body tone up a bit, and I’ve lost some weight. But I haven’t turned into a fitness machine, and probably you won’t either. Seeing noticeable and lasting results often requires more intensity and a flawless lifestyle.
I followed your advises, and we'll see if someone will reply in some way.
Thanks
Thanks
I was curious so i decided to open https://bobwallet.github.io/ and trying it (without deposit, obviously). Here's what i found:
1. When i click "Start BTC", my browser ask me to download file "bob_backup.txt" which contain public and private seed (i'm not sure what it means), which could be used to restore your Bitcoin if you still have the file.
2. The page make request https://tbtc.bobwallet.fun and looks like it's been down for long time. It might be the cause CoinJoin process cannot be done.
Edit: this is the content of bob_backup.txt that i downloaded.
Code:
{"settings":{"version":"0.2.3","routeTab":"Public","publicSeed":"change ability asset bullet color urge mad twice tobacco polar where robot","privateSeed":"change ability asset bullet color urge mad twice tobacco polar where robot","publicIndex":0,"privateIndex":0,"changeIndex":0,"serverAddress":"https://tbtc.bobwallet.fun","chain":"tBTC","lastBackup":1603618430000,"successfulRounds":0,"failedRounds":0,"totalFees":0,"feesPerByte":null,"created":1603618429400},"completedRounds":[]}
Tidy version :
Code:
{
"settings": {
"version": "0.2.3",
"routeTab": "Public",
"publicSeed": "change ability asset bullet color urge mad twice tobacco polar where robot",
"privateSeed": "change ability asset bullet color urge mad twice tobacco polar where robot",
"publicIndex": 0,
"privateIndex": 0,
"changeIndex": 0,
"serverAddress": "https://tbtc.bobwallet.fun",
"chain": "tBTC",
"lastBackup": 1603618430000,
"successfulRounds": 0,
"failedRounds": 0,
"totalFees": 0,
"feesPerByte": null,
"created": 1603618429400
},
"completedRounds": []
}
If you notice, BobWallet choose testnet by default. But the mainnet behave similarry with testnet, with one difference where it makes request to https://btc.bobwallet.fun instead.
I followed your advises, and we'll see if someone will reply in some way.
Thanks
If you get no reply in a reasonable amount of time I would go as far as opening a thread in the Scam Accusation board. Better be safe than sorry. Thanks
I followed your advises, and we'll see if someone will reply in some way.
Thanks
Thanks
Anyone knows how to contact someone's at Bob Wallet? https://bobwallet.github.io/
It was a candidate for the bounty, and I used the service recently but it seams that it won't work and will be nice if I can talk to someone to recover the coins.
Thanks
It was a candidate for the bounty, and I used the service recently but it seams that it won't work and will be nice if I can talk to someone to recover the coins.
Thanks
Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:A -> B -> C -> D -> E -> F -> G
Then, the miner could create a "CoinJoin proposal" like this:
A -> G
And if A will sign it, the miner will save some space. If not, the miner could propose something else, for example:
A -> B -> G
Of course, when we have N transactions in mempool, there are 2^N-(N+1) possible combinations of such "CoinJoin proposals". To avoid spam, we can add some nonce and difficulty to them (since such proposals are "not-yet-signed-by-all-participants" transactions). And if the miner won't collect all needed signatures, it can still use the original non-CoinJoin transactions.
What do you think about BIG CoinJoin transactions? For example as big as adding one more input or output would exceed the maximum block size, so the newly mined block will finally contain nothing more than one huge CoinJoin transaction.
I believe hv_ has a point. A user must still be careful, and manage his UTXOs well to maintain its privacy after CoinJoin.
Would it create a "dark pool"? I do not know, maybe, but consolidating your coinjoined coins with non-coinjoined coins might remove the privacy gained.
Would it create a "dark pool"? I do not know, maybe, but consolidating your coinjoined coins with non-coinjoined coins might remove the privacy gained.
In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path.
You obviously do not know your audience.No need to reply to his post. He's a BSV shill.
In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path.
You obviously do not know your audience. Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that for anything good after ?
Privacy and/or anonymity work both ways round.
- People use privacy to do bad things because good people are stopping them otherwise
- People use privacy to do good things because bad people are stopping them otherwise
In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path.
Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that for anything good after ?
Privacy and/or anonymity work both ways round.
- People use privacy to do bad things because good people are stopping them otherwise
- People use privacy to do good things because bad people are stopping them otherwise
Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that for anything good after ?
It ends up trivially identifiable whose outputs are whose based on the observed offers?
It would definitely be interesting to see what the more developed tools say about it.
I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.
Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change). Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.
---
If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions. And then (and only then really) you can be cute and do something like a bustapay/p2ep or import/export a reused address output from/to a friend or something.
Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering
).But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do).
Quote
Another demonstration of the fragility of blockchain analysis.
While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]
You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.
I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it.
Quote
Another demonstration of the fragility of blockchain analysis.
While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]
Fun fact: because the CoinJoin bounty payout transaction to JoinMarket and Wasabi wallet was itself a coinjoin transaction with specially chosen inputs, the wallet clustering site walletexplorer.com now thinks that the coinjoin bounty address belongs to the largest wallet cluster (which used to be called MtGoxAndOthers and is now called CoinJoinMess)
https://www.walletexplorer.com/wallet/CoinJoinMess?from_address=3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk
The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis.
https://www.walletexplorer.com/wallet/CoinJoinMess?from_address=3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk
The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis.
Jump to: