Topic: Open source mixers? (Read 260 times)

You're right there, those wallets improves privacy for your normal transactions, but they don't remove the blockchain trail at all. So if pure privacy is what you are seeking, it would be enough.

But I would say that it makes the link between A and B impossible to prove association. That is, by ensuring every ABC => pay => XYZ, you then show that just because you are A doesn't mean you've paid to X or Y. Sort of like if you've deposited ABC into a bank and the bank washes money for XYZ, the only proven association between ABC's money is that they use the same bank.

On the other hand, especially with a low-volume mixer or a mixer that doesn't practise very careful habits, you might get flagged for using a mixer just because of easily traced addresses and wallet associations. Though I should say that because there aren't that many users on Wasabi or Samourai yet, there's possibly the same risk of being easily associated anyway.

So yeah, definitely, if you want to disassociate, you want a mixer. And a good mixer, at that. Preferably one that has highly customisable and randomisable elements.

Regarding wasabiwallet, if i'm not mistaking, they're using coinjoin.

In a non-technical way, coinjoin is basically "combining" transactions. 

Without coinjoin:
Me => pays => Bob
Alice => pays => Ben
Tom => pays => Burt

With coinjoin:
Me, Alice and Tom => pay => Bob, Ben and Burt

This method improves anonimity, but it's not really the same as a mixer:
My "public" wallet => pays => mixing service
mixing service => pays => my private wallet

With coinjoin, there's still a direct link between Me and Bob, Alice and Ben, Tom and Burt. The thing is that by combining transactions, we've made it harder for people to analyse them. When using a mixer, there should be no link between the deposit and the withdrawal.

What buwaytress said. I really don't think this falls under a "mixer", but if your goal is just to have more untraceability, probably test out Wasabi Wallet[1]. Don't take my word for this on how good or bad it works though, as I'm really not sure if it works better or worse compared to using Mixers, and also because I haven't personally tried it yet. But I've heard good things about it on Twitter and on Reddit.

---

[1] https://wasabiwallet.io/

Probably not exactly what you're looking for but both Wasabi Wallet and Samourai Wallet have some form of mixing features. Both, if I understand well, use some form of Chaumian CoinJoin. I think Wasabi strictly that (a bit iffy now because not enough users but the rough idea is more users help make the mixing better). Samourai I believe combines that in an even more complex manner.

They're both limited I suppose, but get enough users... and they're fully open source.

Lol everything gone over my head however thank you mate for the effort to put all these thoughtful contents. I left you 3 merits on your way. I see an expert in you.

Cheers ;-)

A "classic" mixer isn't that hard.

Basically, you need a hot wallet, potentially with -walletnotify and -blocknotify  and use the json-rpc interface to create a new deposit address. Build a frontend to show this new deposit address and a session key to your customer, if you want to you can let him chose a fee, multiple withdrawal addresses, a timeout,... You can even let him/her enter previous session key(s) to make sure he doesn't receive funds he deposited at an earlyer session.

Either use the walletnotify and blocknotify scripts or run a cronjob every x minutes to check if the address is funded and has sufficient confirmations.

Once the address is funded, and has sufficient confirmations, you can call a script that uses the json-rpc interface lockunspent and listlockunspent to lock/unlock unspent outputs you do not want to use when paying your customer. Lock the unspent output that funds the deposit address, then use sendtoaddress to pay the receiver. Once the client has been payed, make sure to update your relational database record to reflect the payment has been made (or even better, delete the record after payment).

Offcourse, the "payment" script can have a lot more intelligence if you want to, you can delay payments, group payments, if you have txindex or addressindex, you can even start digging into the unspent output and lock unspent outputs that can be tied to the initial funding transaction, you can try to find out which addresses should belong to the same wallet, you can lock unspent outputs for any reason. Just make sure you unlock the unspent outputs after each "order" has been completed.

The big "downside" of running a mixer is that you need a huge hotwallet, you need a lot more funds in your hotwallet than the maximum amount you're willing to mix. Also, you need to make sure all traces are removed (logs, records,...), you have to make sure everything is kept on encrypted disks, you have to make sure TLS is used,...

I would defenately go for a 3 server setup:
A "dumb" frontend server
A database server
A backend server with the hot wallet, and the payment script

All communication between the 3 machines should go over TLS, all data in the database should be encrypted (potentially PGP, with a dedicated private key for each machine, and distributed public keys). You can even put the database machine on an unrouted VLAN, so it cannot be accessed from the web directly.

I do not have much knowledge about mixing process that is why I wanted to know the process. Once you know about the process of something then it's easy to execute programically.

I just don't know the whole idea of the mixing Bitcoin. Anyone would care to give me an article or something which shows the manual process of mixing?

Cheers :-)

Ofcourse you can! Either manually or writing an algorithm to do so. I'm not sure how'd you go about selecting an algorithm but if you have enough knowledge about programming and theoretical knowledge on bitcoin mixing, you can set up your own mixer. The open source code link posted above is a nice example for a head start.

I am wondering can anyone do the mixing by themselves without using a third-party? I am looking for the algorithm of a mixing software. Just curious.

I just skimmed through their src-code and it seems fine. There are no integration or vulnerability tests written for the project which could be a flaw. Have you used this? I like how it gives you the control for selecting the addresses for mixing. I'm looking forward to forking the project and run it locally.

I managed to find PenguinMixer so far, does anyone know how secure is it? It's just for learning purposes for now but I still want to know how good it is.

I found some others but sometimes they're incomplete (just frontend) or decentralized. I'd appreciate If you could link me to some If you know any.