Pages:
Author

Topic: Double Mixer: Mix your Bitcoin with two mixers in series - page 2. (Read 1562 times)

sr. member
Activity: 391
Merit: 333
Thanks mate for the update!

For the time being, we implemented a very hacky solution that doesn't work so well and breaks easily.

That's nice to see that there is some progress at this project. I quickly had a look at your code and it looks promising and well structured!

I'm currently very busy with other parts of the project.
If we have some time and our team decides to focus on the browser-based mixing again, we'll test your code more in depth and cross-platform. We still think this is a huge topic and the implementation with FoxMixer on client/browser-side would be a plus for privacy in our project.

Glad to hear that, thank you! I hope it works out for you.
newbie
Activity: 6
Merit: 4

Sorry for the wait! Just the JS version working with FoxMixer: https://github.com/teran-mckinney/doublemixer-js

Haven't checked it for browser compatibility. I hope this isn't too late and that it still helps.

Thanks mate for the update!

For the time being, we implemented a very hacky solution that doesn't work so well and breaks easily.

That's nice to see that there is some progress at this project. I quickly had a look at your code and it looks promising and well structured!

I'm currently very busy with other parts of the project.
If we have some time and our team decides to focus on the browser-based mixing again, we'll test your code more in depth and cross-platform. We still think this is a huge topic and the implementation with FoxMixer on client/browser-side would be a plus for privacy in our project.
sr. member
Activity: 391
Merit: 333
Ok, I see. A multi-address approach is possibly too complicated and error prone for daily use.

I'm in a team operating a browser-based bitcoin wallet focused on privacy and I'm currently thinking about integrating your implementation of the client-side part of foxmixer into this wallet. Basically, the idea would be that whenever a user wants to withdraw funds from his wallet, he gets to choose whether to withdraw directly or using the foxmixer browser-based mixing.
By doing all of this client-side, it is more transparent to the users what is happening and it is not hidden behind secret server calls of the wallet.

Do you have any experience on how well your client works in different browsers?

That's pretty cool. I honestly haven't tested it, it's just prototype code. I can work on it and bit more and see.

Generally, my JS is geared towards the latest browsers. I don't bother writing anything for IE 7 compatibility, etc. But honestly if you have an in-browser Bitcoin wallet, they probably should be running latest versions anyways.

I think this is a great idea, let me know if you implement it.
newbie
Activity: 6
Merit: 4

Thanks for your reply!

Both the CLI and browser versions are client side only and don't rely on anything other than the existing mixing services.

Very rudimentary, only one backend is working. Most mixers don't add CORS headers and I haven't pursued having them add it a whole lot let yet.

https://github.com/teran-mckinney/doublemixer-js

Yeah, definitely possible to go to an intermediate address. I've used this setup a few times and never had an issue but have been aware of it as well. IMO: the mixer needs to honor their guarantees and if they don't, you can go after them with that. But you're right, if a payment is way too late, it doesn't work out. I've tried to set the delays to be pretty conservative to help with that.

What I like is that how it is, it's one shot. No polling, etc. Super simple, little to break on the client's side. No actual coin handling there. Intermediate step could be done with WalkingLiberty. It would add another "interaction" that might help track users at a network level, but if using Tor, should be fine.

If you really wanted to do that now, after installing doublemixer you'll get `foxmixer`, `bitmix`, and `privcoin`. You can mix with one of those into a `walkingliberty` wallet, then mix out to where you really want to go. Personally, as I've yet to have a problem I'm not too concerned yet. If moving a lot of money it would be more of a concern but again, haven't seen any issues yet.

Ok, I see. A multi-address approach is possibly too complicated and error prone for daily use.

I'm in a team operating a browser-based bitcoin wallet focused on privacy and I'm currently thinking about integrating your implementation of the client-side part of foxmixer into this wallet. Basically, the idea would be that whenever a user wants to withdraw funds from his wallet, he gets to choose whether to withdraw directly or using the foxmixer browser-based mixing.
By doing all of this client-side, it is more transparent to the users what is happening and it is not hidden behind secret server calls of the wallet.

Do you have any experience on how well your client works in different browsers?
sr. member
Activity: 391
Merit: 333
Thumbs up for the idea of a client-side only version.
That would open the plugin to the world of web developers.
Is there already some work on this that you can showcase?

Just had the same concerns as quickseller mentioned in his post:

I would advise against doing this.

Both mixing services are only guaranteeing the address will be valid for a limited amount of time. If there is a problem/delay with the 1st mixing service that causes the transaction to confirm after the cutoff time for the 2nd mixing service, or if multiple transactions are sent from the first mixing service with the last one being after the cutoff, then the second mixing service may not send you your money. This would be a real problem because some mixing services periodically delete their private keys associated with zero balance addresses in order to protect privacy of their users in case a government agency finds their servers.

The following idea to resolve this just came to mind:

Would it be possible to have the intermediate payout of the first mixer that should go into the second mixer go to an intermediate address that is owned by me (client-side) instead?
Only if the payment arrives at this intermediate address the second mixer is triggered and the payment is redirected to it.
Of course, this mode of mixing only works if the client stays alive and watches the intermediate address throughout the process.

This way of handling it would defeat the risk of a mixer taking longer than expected resulting in the payment not arriving at the second mixer in time.

Thanks for your reply!

Both the CLI and browser versions are client side only and don't rely on anything other than the existing mixing services.

Very rudimentary, only one backend is working. Most mixers don't add CORS headers and I haven't pursued having them add it a whole lot let yet.

https://github.com/teran-mckinney/doublemixer-js

Yeah, definitely possible to go to an intermediate address. I've used this setup a few times and never had an issue but have been aware of it as well. IMO: the mixer needs to honor their guarantees and if they don't, you can go after them with that. But you're right, if a payment is way too late, it doesn't work out. I've tried to set the delays to be pretty conservative to help with that.

What I like is that how it is, it's one shot. No polling, etc. Super simple, little to break on the client's side. No actual coin handling there. Intermediate step could be done with WalkingLiberty. It would add another "interaction" that might help track users at a network level, but if using Tor, should be fine.

If you really wanted to do that now, after installing doublemixer you'll get `foxmixer`, `bitmix`, and `privcoin`. You can mix with one of those into a `walkingliberty` wallet, then mix out to where you really want to go. Personally, as I've yet to have a problem I'm not too concerned yet. If moving a lot of money it would be more of a concern but again, haven't seen any issues yet.

Brilliant idea.
My question, will this be secure for transaction.

Thank you! What do you mean?
newbie
Activity: 6
Merit: 4
Thumbs up for the idea of a client-side only version.
That would open the plugin to the world of web developers.
Is there already some work on this that you can showcase?

Just had the same concerns as quickseller mentioned in his post:

I would advise against doing this.

Both mixing services are only guaranteeing the address will be valid for a limited amount of time. If there is a problem/delay with the 1st mixing service that causes the transaction to confirm after the cutoff time for the 2nd mixing service, or if multiple transactions are sent from the first mixing service with the last one being after the cutoff, then the second mixing service may not send you your money. This would be a real problem because some mixing services periodically delete their private keys associated with zero balance addresses in order to protect privacy of their users in case a government agency finds their servers.

The following idea to resolve this just came to mind:

Would it be possible to have the intermediate payout of the first mixer that should go into the second mixer go to an intermediate address that is owned by me (client-side) instead?
Only if the payment arrives at this intermediate address the second mixer is triggered and the payment is redirected to it.
Of course, this mode of mixing only works if the client stays alive and watches the intermediate address throughout the process.

This way of handling it would defeat the risk of a mixer taking longer than expected resulting in the payment not arriving at the second mixer in time.
sr. member
Activity: 391
Merit: 333
sr. member
Activity: 391
Merit: 333
Just wanting to do a feeler. How many of you would use this if it were done all client side in a browser? Clearnet site and hidden .onion. Javascript, of course.
sr. member
Activity: 391
Merit: 333
Nice idea, now we only need to worry if either mixer steal our coins or both mixer system completely de-anonymized.

While i doubt i'll use 2 mixers, any thoughts to add parameter/argument for time delay (since i only saw currency and output_address param on your code)?

Absolutely no warranties expressed or implied, no liability on the author's behalf, etc.

Then you might want use MIT License (or any license where user cannot hold liable to author) on your GitHub repository.

The different APIs take pretty different arguments with time delay. Some are in minutes, some hours, some hours but only allow integer and not float. I could maybe normalize them and use hours, but making it int if they don't support float. The values I selected are trying to be sane defaults.

Unlicense has a liability clause:
Quote
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
copper member
Activity: 322
Merit: 0
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api

Ah, thank you. Did not know they had an API. I think that will be the next one on the list.

Please add our service as well. Here is a link to our API http://www.bitmaximumgnmsaf.onion/en/api Our service will secure your chain.
legendary
Activity: 2758
Merit: 6830
Looks like ChipMixer's maintenance is over.

Quick update for those who encountered maintenance mode

1. Maintenance is over and everything works except
2. Sweeping is still broken and maintenance did not help. Please use private keys yourself (as we always encourage) instead of sweeping with website for now.


The API is returning the right results now.
sr. member
Activity: 391
Merit: 333
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api

Ah, thank you. Did not know they had an API. I think that will be the next one on the list.
newbie
Activity: 20
Merit: 0
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api
sr. member
Activity: 391
Merit: 333
Looks like the whole service is in maintenance (not just the API). I just visited the website (ChipMixer.com) and tried to create a new session. The same message appeared for me.

Just wait a few hours. Tongue

Ok Smiley

------

New version, 0.0.3. Now randomly selects two of Bitmix, Privcoin, and Foxmixer. Both the mixer selection and ordering is random.

To upgrade:
Code:
pip3 install -U doublemixer
legendary
Activity: 2758
Merit: 6830
Hmm, interesting.

Tried https://chipmixer.com/api/v1/new_session and it says it's in maintenance mode at the moment.
Looks like the whole service is in maintenance (not just the API). I just visited the website (ChipMixer.com) and tried to create a new session. The same message appeared for me.

Just wait a few hours. Tongue
sr. member
Activity: 391
Merit: 333
Maybe it could be the final destination.

Your Address -> Some mixer -> ChipMixer.
Or Your Adress -> Some mixer -> Some other mixer -> ChipMixer.

Hmm, interesting.

Tried https://chipmixer.com/api/v1/new_session and it says it's in maintenance mode at the moment.
legendary
Activity: 2758
Merit: 6830
I haven't looked as much into Chipmixer. I think it would not fit as easily in the double mixing model, given the sizing of the chips.

I will most likely add some of the more "traditional" ones if I see any traction with what I've already written.
Maybe it could be the final destination.

Your Address -> Some mixer -> ChipMixer.
Or Your Adress -> Some mixer -> Some other mixer -> ChipMixer.
sr. member
Activity: 391
Merit: 333
Thank you all for your feedback!

More mixers should make python libraries,it would be awesome if you could add Chipmixer and bestmixer.

Bestmixer requires an API key per user. I contacted them about this and they didn't seem interested in opening up the API.

I haven't looked as much into Chipmixer. I think it would not fit as easily in the double mixing model, given the sizing of the chips.

I will most likely add some of the more "traditional" ones if I see any traction with what I've already written.
legendary
Activity: 2758
Merit: 6830
More mixers should make python libraries,it would be awesome if you could add Chipmixer and bestmixer.
Also for @OP: ChipMixer actually has an API. They never publicized this everywhere but they had an Electrum plugin to make the mixing work natively in the wallet.

This is the base URL: https://chipmixer.com/api/v1/

AFAIK, there is no API Doc, but you should be able to get everything you need from their Electrum plugin source code: https://github.com/chipmixer/electrum/tree/plugin/plugins/chipmixer

For example: https://chipmixer.com/api/v1/new_session
This creates a new session and returns a JSON with the token and the deposit address;

Looks like it's still working.
legendary
Activity: 1059
Merit: 1020
Interesting project but there is still a little risk to lose funds if one of the mixing services turns out as a scam. Perhaps, it is a good idea to connect your project with a decentralized mixer like CoinJoin to reinforce the security. All in all, good job. I hope to see more projects.
Pages:
Jump to: