Topic: Privacy wallets (Read 418 times)

Not your keys, not your coins. I don't want to swap my coins for some wrapped token which introduces significant risk in that whichever party issued those wrapped tokens can exit scam me or go bankrupt at any time. Not to mention that using a centralized chain which issues wrapped tokens provides zero privacy.

And directly from the privacy policy:

I'll be avoiding this one, thanks.

How much nodes there are exactly and who operates them, except ''boss'' who created this ''revolutionary'' magical machine with his buddies?
All bridges are centralized and controlled by few amateurs, dand it's going to be like in one old English song...  London Bridge Is Falling Down.
You can believe and use whatever you want, but we are talking about Bitcoin and bitcoin related privacy wallets here.

Correct, they are basically worthless wrapped shit on centralized blockchains, and I really doubt there is any real liquidity there.
Just look back in recent history and see how many ''bridges'' got hacked and coins stolen, how many ''stable'' coins stopped existing, how many ''usable'' exchange tokens like FTT gone to zero.

Technically, Yes. They are shitcoin no matter how wrapped tokens were considered to be utility and liquidity enable they will always be a shitcoin because they contradict the fundamental concept of the Bitcoin mechanism. For example, you yourself classified it to be a "wrapped token"  and tokens are shitcoin.
Ask every genuine Bitcoiner they will tell you wBTC, pBTC, etc are shitcoin.

You and me is coming from the same logic.

Yes, because they are not bitcoin. They are some digits against bitcoin and running in a different chain.

If I may clarify with you both - wrapped tokens that enable utility and are sufficiently liquid are still by default classified as shitcoins here?

When I first saw the site you provided I first thought of it to be another alternative cross chain privacy trading platform for cryptocurrency but I was disappointed when I see that the crypto they provide on are not actual Bitcoin, ETH, etc. What they provide is pBTC, pETH which is a shitcoin.
I think it best I use the privacy wallet and Crypton Exchange when privacy is a top priority since the Crypton Exchange always makes anonymous trading look legit.

I think your post about incognito was a bit one-sided. You must not have gotten very far in your reading.
- Yes, it uses its own blockchain. The mainnet token of their blockchain is used mostly to pay for the fees used to create transactions or using the dex if you are using it only for privacy purposes.
- No, I don't think it directly supports mainnet bitcoin or mainnet monero, other than adding a privacy layer for its users (which is what the OP was asking for). No, it is not centralized, there are plenty of full node operators. No, its tokens and bridges are not worthless, they add privacy to dexes on multiple blockchains.
- There is no requirement to use the token for any other purpose than that. If you do use the bridges or dex, there is usually no slippage as it's liquid. The wallet and pTokens (wrapped cryptos on their privacy chain) are equally as easy to exit back to the original mainnet as they are to enter from the mainnet.

If I understand correctly this Incognito stuff is neither supporting mainnet Bitcoin nor mainnet Monero, and it has some new shitcoin centralized blockchain with worthless tokens, bridges and other crap like that.
I wouldn't call that privacy at all, especially when there are legitimate options for exchanging coins with atomic swaps or using Bisq exchange.

---

Talking about privacy wallets, there is one option that uses Layer 2 Bitcoin statechains, and it's called Mercury wallet.
It's far from perfect, but it's one more privacy tool and developers are actively working on improving code and implementing Lightning Network.

When it comes to privacy, monero should be your go-to solution. That's tried and true. If you want privacy for other blockchains, I definitely recommend checking out the work going on at incognito.org. They are working on some great solutions to add privacy in a legitimate way.

I'm not sure if I am correctly interpreting your question, but I think what you are saying is correct.

If your HD wallet software is connecting to a third party server in order to function (i.e. any wallet which is not running exclusively from your own node), then that software will query that third party server for the balance and transaction history of every address in your wallet. The third party server will then see a bunch of requests for different addresses all showing up at once from the same IP address, and can therefore be almost certain that all those addresses belong to the same wallet and are owned by the same person. If you are using Tor, the third party will see your Tor exit node's IP address; if you are not using Tor (or some other service such as a VPN) the third party will see your IP address.

If you then open a different wallet using the same software and query the same third party server, then that server will again see a bunch of requests for different addresses all showing up at once from the same IP address as before (whether that is a Tor IP address or your own IP address). It is possible then for the third party to link this second wallet to the first wallet by nature of the same IP address.

You can improve on this second problem somewhat by using a different Tor circuit and different third party server for each of your wallets. However, to completely mitigate both problems, then you must have your wallet software collect data exclusively from your own node.

All my confusions were with the response from hosseinimr93. May be this is a misunderstanding. hosseinimr93 is talking about the clear net IP only and I thought he meant both clear net and Tor circuit information as IP.

So now we can fairly say that, the server will know all addresses of an HD wallet will be know from the IP log or TOR circuit exit node information. No?

Correct. So although it may only know the IP address of your Tor exit node and not your real IP address, it can still link all the addresses to each other.

It doesn't. It has no way of knowing in what kind of wallet that address was generated, or indeed, if that address has been generated by a wallet at all. Every possible valid bitcoin address which can exist already exists, and the wider network has absolutely no way of knowing. For example, if I give you this address:

1MJR9fFWBTN6Zh3EGcYMsFnZzqxzKN6rXh

All the network can do is check the address is valid - it has the correct length, the correct character set, a valid checksum, and starts with a valid network byte. It does not know if I have generated the private key for that address in a hot wallet, a cold wallet, a hardware wallet, or indeed, if I have absolutely no idea what the private key is. Until coins are spent from address, the network has no way of knowing if anyone knows the private key at all.

Incidentally, the address above decodes to the pubkeyhash DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF. I have no idea what the private key is, and neither does anyone else.

To add to o_e_l_e_o's reply:
It's also needed that you generate your seed phrase and extract the individual private keys (and addresses for watch-only wallets) on an offline device.
If your HD wallet has connected to a server, your privacy has been already compromised.


The blockchain explorer can't know whether your address belongs to a hot wallet or an offline wallet at all and if you use TOR connection, they won't have any way to link your addresses to your IP address.
But if you search for multiple addresses in a block explorer in a short time, they may conclude that there's a connection between those addresses.

That's what I was asking. The IP or the same tor circuit. When loading it at the same time or even in different time then the server may know based on the IP log or the circuit information.

It brings me the next question.
What about I create an offline wallet. The all online nodes in other words the blockchain does not have my wallet information. I understand when I will send any BTC to any address of the offline wallet, I can not see them on my wallet since it isn't sync. On the blockchain I can see obviously. How the online existed blockchain already figured out the wallet address belongs to an offline wallet that is already created?

An even better option would be to use your Ledger hardware wallet with Electrum, with Electrum pointed at your own Electrum server connected to your own node, thereby bypassing Ledger's software (which could still phone home even when pointed at your own node) altogether.

Additionally to this, if you then open another wallet file, and the same Electrum server sees the same Tor exit node query a second set of addresses just a few minutes after querying the first set, then it is reasonable to conclude that both sets have a common owner.

That's not correct. The server owner will know about all 20 addresses. The only reason your Electrum client knows that the 13 empty addresses are empty is because it sends those 13 empty addresses to the server so the server can check if they have transaction history.

This would require you to connect to a different Electrum server via a different Tor circuit in between querying each and every address. Simply loading each address in a new wallet one by one, while connected to the same servers from the same IP, would result in the same situation I have described above, and the server being able to conclude that all addresses have a common owner.

Sorry I am old school and trying to understand part by part.
I have 20 addresses in my HD wallet.
5 addresses have balance with 5 incoming transactions.
2 addresses had balance but now empty because they were spent by 2 outgoing transactions.
5 and 2 means 7 addresses have transaction history but 13 addresses do not have any transaction history.

Owner of the server will know about 7 addresses, they will not know anything about the 13 addresses.
They will know these 7 addresses because all these 7 transactions will send a single at the same time to the server I guess. But if I extract the private keys of all 7 addresses and individually load one by one address then server will not have any knowledge that all 7 addresses were a part of the same HD wallet.

Please correct me where and which part I got wrong and where I got it correct.

Let's say you have created an HD wallet and have generated 20 addresses.
For getting the transaction history of these 20 addresses, electrum sends them to the server and the owner of the server will know that these 20 addresses belong to the same person.
If you want to protect your privacy without using your own server, you can create a separate wallet for each of addresses, connect to different servers and use a new TOR circuit for opening each of wallets.

My question which perimeters will tell them the addresses belongs to the same person, if it's not the IP history or master public key? In a HD wallet I can not even tell two addresses are from the same wallet if the address formats are same.

With using TOR connection, there is no way for the owner of the server to know your IP address at all. But they can know that the generated addresses belongs to the same person.
They can't know your master public key, because the addresses are derived from the master public key locally.

Based on the IP of the broadcasted transaction or anything else like from the input address they can find the master public key and know all address of the HD wallet?