I created an issue in Samourai's repo to have a warning shown to users that they were trusting Samourai's developers with all of their financial data and their IP address:
https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458
However, Samourai insisted that they would not provide any information to the user whatsoever that they are being spied on by their Bitcoin wallet app and any PR created that warns users about the data they are leaking would not be merged.
Samourai is truly a despicable project. These assholes intentionally created a huge honeypot of Bitcoiner personal data and then handed it over to the feds.
Run your own node. That's the only way to ensure privacy of your transactions. Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions, assuming Samourai has used such a feature. I know it might sound hard but even a pruned node would suffice in this situation.
If you know you cannot run your own node, you can go for the less private but still anonymous way by using Tor. You can use an SPV wallet like Electrum and enable Tor. This is not as private as running your own node with Tor but it is better and still anonymous as you are not connecting directly with your IP address.
If you want to enhance your privacy, start with a full node, make contact always via Tor not looking for your address in the blocks of the blocks and then without being a government agency you want to really follow you, you are safe.
You don't need to run a node for privacy. Light wallets like Wasabi, Zeus, Blixt, and Breez all use BIP157/BIP158 compact block filters. These filters allow you to sync all of the addresses in your wallet without sharing identifiable data with anyone else's full node.
(and send your deanonymized coins through a mixer since nobody is able to determine what outputs go to what inputs, only the fact that you had used a mixer.)
You mean send your deanonymized coins through a coinjoin. A "mixer" is a scamming website that has complete knowledge over which inputs go to which outputs, just like Samourai.
How can they do that? The whirlpool server is shut down, we all know about the recent events. A Sybil attack requires the authorities to continue running whirlpool, as if nothing happened.
Samourai was performing the Sybil attack themselves since they designed their wallet to collect the xpub addresses and IP addresses of their customers. Now the Feds inherit all the data Samourai collected from this attack.