Pages:
Author

Topic: CoinJoin: Bitcoin privacy for the real world (Read 294672 times)

brand new
Activity: 0
Merit: 0
December 27, 2020, 11:21:42 PM
As far as Im concerned, I eat healthily overall every day, but I regularly treat myself to cake and cheat meals. As the year has gone by, I have probably seen my body tone up a bit, and Ive lost some weight. But I havent turned into a fitness machine, and probably you wont either. Seeing noticeable and lasting results often requires more intensity and a flawless lifestyle.
brand new
Activity: 0
Merit: 0
As far as Im concerned, I eat healthily overall every day, but I regularly treat myself to cake and cheat meals. As the year has gone by, I have probably seen my body tone up a bit, and Ive lost some weight. But I havent turned into a fitness machine, and probably you wont either. Seeing noticeable and lasting results often requires more intensity and a flawless lifestyle.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I followed your advises, and we'll see if someone will reply in some way.

Thanks

I was curious so i decided to open https://bobwallet.github.io/ and trying it (without deposit, obviously). Here's what i found:
1. When i click "Start BTC", my browser ask me to download file "bob_backup.txt" which contain public and private seed (i'm not sure what it means), which could be used to restore your Bitcoin if you still have the file.
2. The page make request https://tbtc.bobwallet.fun and looks like it's been down for long time. It might be the cause CoinJoin process cannot be done.

Edit: this is the content of bob_backup.txt that i downloaded.

Code:
{"settings":{"version":"0.2.3","routeTab":"Public","publicSeed":"change ability asset bullet color urge mad twice tobacco polar where robot","privateSeed":"change ability asset bullet color urge mad twice tobacco polar where robot","publicIndex":0,"privateIndex":0,"changeIndex":0,"serverAddress":"https://tbtc.bobwallet.fun","chain":"tBTC","lastBackup":1603618430000,"successfulRounds":0,"failedRounds":0,"totalFees":0,"feesPerByte":null,"created":1603618429400},"completedRounds":[]}

Tidy version :

Code:
{
  "settings": {
    "version": "0.2.3",
    "routeTab": "Public",
    "publicSeed": "change ability asset bullet color urge mad twice tobacco polar where robot",
    "privateSeed": "change ability asset bullet color urge mad twice tobacco polar where robot",
    "publicIndex": 0,
    "privateIndex": 0,
    "changeIndex": 0,
    "serverAddress": "https://tbtc.bobwallet.fun",
    "chain": "tBTC",
    "lastBackup": 1603618430000,
    "successfulRounds": 0,
    "failedRounds": 0,
    "totalFees": 0,
    "feesPerByte": null,
    "created": 1603618429400
  },
  "completedRounds": []
}

If you notice, BobWallet choose testnet by default. But the mainnet behave similarry with testnet, with one difference where it makes request to https://btc.bobwallet.fun instead.
legendary
Activity: 2310
Merit: 1422
I followed your advises, and we'll see if someone will reply in some way.

Thanks
If you get no reply in a reasonable amount of time I would go as far as opening a thread in the Scam Accusation board. Better be safe than sorry.
newbie
Activity: 3
Merit: 0
I followed your advises, and we'll see if someone will reply in some way.

Thanks
newbie
Activity: 3
Merit: 0
Anyone knows how to contact someone's at Bob Wallet?  https://bobwallet.github.io/ 

It was a candidate for the bounty, and I used the service recently but it seams that it won't work and will be nice if I can talk to someone to recover the coins.

Thanks
staff
Activity: 4284
Merit: 8808
Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:
https://bitcointalksearch.org/topic/transaction-cut-through-281848
copper member
Activity: 821
Merit: 1992
Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:

A -> B -> C -> D -> E -> F -> G

Then, the miner could create a "CoinJoin proposal" like this:

A -> G

And if A will sign it, the miner will save some space. If not, the miner could propose something else, for example:

A -> B -> G

Of course, when we have N transactions in mempool, there are 2^N-(N+1) possible combinations of such "CoinJoin proposals". To avoid spam, we can add some nonce and difficulty to them (since such proposals are "not-yet-signed-by-all-participants" transactions). And if the miner won't collect all needed signatures, it can still use the original non-CoinJoin transactions.
copper member
Activity: 821
Merit: 1992
What do you think about BIG CoinJoin transactions? For example as big as adding one more input or output would exceed the maximum block size, so the newly mined block will finally contain nothing more than one huge CoinJoin transaction.
legendary
Activity: 2898
Merit: 1823
I believe hv_ has a point. A user must still be careful, and manage his UTXOs well to maintain its privacy after CoinJoin.

Would it create a "dark pool"? I do not know, maybe, but consolidating your coinjoined coins with non-coinjoined coins might remove the privacy gained.
legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 
You obviously do not know your audience.

No need to reply to his post. He's a BSV shill.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 
You obviously do not know your audience.
hv_
legendary
Activity: 2534
Merit: 1055
Clean Code and Scale
Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?



Privacy and/or anonymity work both ways round.

  • People use privacy to do bad things because good people are stopping them otherwise
  • People use privacy to do good things because bad people are stopping them otherwise

In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 
legendary
Activity: 3430
Merit: 3080
Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?



Privacy and/or anonymity work both ways round.

  • People use privacy to do bad things because good people are stopping them otherwise
  • People use privacy to do good things because bad people are stopping them otherwise
hv_
legendary
Activity: 2534
Merit: 1055
Clean Code and Scale
Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?

copper member
Activity: 37
Merit: 0
It ends up trivially identifiable whose outputs are whose based on the observed offers?
legendary
Activity: 1463
Merit: 1886
It would definitely be interesting to see what the more developed tools say about it.

I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.

Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change).  Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.

---

If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions.  And then (and only then really) you can be cute and do something like a bustapay/p2ep  or import/export a reused address output from/to a friend or something.

Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering Grin).


But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do).
sr. member
Activity: 261
Merit: 523
Quote
Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.

I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it.
legendary
Activity: 1463
Merit: 1886
Quote
Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]
sr. member
Activity: 261
Merit: 523
Fun fact: because the CoinJoin bounty payout transaction to JoinMarket and Wasabi wallet was itself a coinjoin transaction with specially chosen inputs, the wallet clustering site walletexplorer.com now thinks that the coinjoin bounty address belongs to the largest wallet cluster (which used to be called MtGoxAndOthers and is now called CoinJoinMess)

https://www.walletexplorer.com/wallet/CoinJoinMess?from_address=3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis.
Pages:
Jump to: