Author

Topic: Samourai wallet user de-anonymization (Read 494 times)

legendary
Activity: 994
Merit: 1089
May 17, 2024, 12:13:32 PM
#32
That's why I don't care about privacy, the point here is, what other factors are there that we should keep in mind while acquiring anonymity, besides the fact that your government banned crypto in your country, and online sites can use data for showing ads. I would love to hear more.
Each to their own, but privacy is important for more reasons than you have mentioned. I don't know anybody that wants people to know how much they have in their bank account, but unlike money in your bank account, BTC uses a public ledger that anyone can see, and if you lose your privacy completely, people looking closely can see how much money you have in BTC.

You do not need to have something to hide for you to desire privacy, and crypto also does not have to be illegal in your country for you to desire privacy. You simply don't want others to have certain information about you, info that could even be dangerous in the wrong hands.
legendary
Activity: 2730
Merit: 7065
I would rather have a better functioning and more private Bitcoin than being forced to use other altcoins because of their privacy features. I like Monero for everything it has brought to the crypto world, but it's a ticking timebomb of negative news waiting to happen. Where will it be delisted next and what FUD will come out about its use. What will the nation-state enemies decide to do next. You might say, why would you care, they can't take your coins from you anyways. No, they can't, but their decisions can drive the price down 30% or more in a short time-period which isn't pleasant for holders.

That's also why I have mixed feelings about privacy features being added to Bitcoin on a protocol level. It would be nice to see it happen, but at what cost!?
copper member
Activity: 1105
Merit: 459
Eclipse™ Experimental Cryptographic Technology
I wonder if there exists a coin that does not require a mixer? Hmmmmmm

Oh wait, there already exists one!

It's called monero, and it comes no - mixer - required - out - of - the - box -privacy.

Pair this with other l33t hacksor privacy tools and you have freedom money on steroids.



Nobody is denying that Monero has great privacy features. Its existence shouldn’t be a reason to give up on trying to improve Bitcoin’s privacy. This type of rationale is often used by altcoin bag pumpers. "Why use Bitcoin when Bcash is faster and cheaper?" "Why use Bitcoin when Ethereum has smart contracts?" Bitcoin has its own qualities that will make it preferable for some people over the alternatives. These people deserve to have privacy tools at their disposal without being seen as suspicious and developers treated like criminals.

In my personal opinion, the use of mixers SHOULD NOT BE BANNED. People should be able to do with their programable money what they like! If they want to "mix" their coins they should be allowed to do-so, if the technology allows for it they should be able to do it.

It is only the federal spook agents that snear at this thought of people with privacy on bitcoin. Nobody lower than glowie chief general even cares that people are using bitcoin. Most people are also technologically illiterate to the point where sending a bitcoin transaction is equivialant to landing on the moon for them. The know how to send facebook likes but not bitcoins.

You wanna know what the number one platform for child pornography exchange is? It's FACEBOOK! Do you see the glowie pot fed bois arresting Zuck and charging him with CP based on his platform being the number one juicy pot in the world? NO, ZUCK IS FREE.

This is the SAME THING WITH SILK ROAD. ROSS BUILT A SHITTY WEBSITE THAT HAD SOME POT FOR SALE, THAT HE DID NOT EVEN SELL. Now he serve two life sentance. Also it is well known that there were multiple dread pirate roberts.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
I wonder if there exists a coin that does not require a mixer? Hmmmmmm

Oh wait, there already exists one!

It's called monero, and it comes no - mixer - required - out - of - the - box -privacy.

Pair this with other l33t hacksor privacy tools and you have freedom money on steroids.



Nobody is denying that Monero has great privacy features. Its existence shouldn’t be a reason to give up on trying to improve Bitcoin’s privacy. This type of rationale is often used by altcoin bag pumpers. "Why use Bitcoin when Bcash is faster and cheaper?" "Why use Bitcoin when Ethereum has smart contracts?" Bitcoin has its own qualities that will make it preferable for some people over the alternatives. These people deserve to have privacy tools at their disposal without being seen as suspicious and developers treated like criminals.
copper member
Activity: 1105
Merit: 459
Eclipse™ Experimental Cryptographic Technology
I wonder if there exists a coin that does not require a mixer? Hmmmmmm

Oh wait, there already exists one!

It's called monero, and it comes no - mixer - required - out - of - the - box -privacy.

Pair this with other l33t hacksor privacy tools and you have freedom money on steroids.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I would still not have it. That's why I don't care about privacy
I don't see the connection. What makes you not care about your privacy? I neither have a credit card; I hate the concept of borrowing money to spend it on luxuries more than anyone, yet I don't see why I wouldn't want privacy. Bitcoin is a public ledger, open for scrutiny by anyone. Maybe you think you can't be surveilled effectively, and that's why you've adopted this behavior. You would be surprised by how much information an expert can work out by just having your Bitcointalk username and a chain analysis program.
legendary
Activity: 2730
Merit: 7065
but speaking of Binance or any other cex, how can someone know my name on a cex, ok governments might do and the people inside cexs might do other than that can sellers of products and services can see my personal information on some cexs?
Don't forget another important piece of the puzzle. Many CEXs are high-value targets for hackers who try to breech their security and obtain money from their hot wallets or user data of their customers. Some CEXs have been hacked in the past and that will continue in the future as well. Such data can be sold on underground forums or simply be posted publicly for everyone to obtain a copy. If your sensitive information is in that leak, that's how anyone can connect you to certain addresses even without the help of blockchain analysis companies or the cooperation of the site.
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
Your offline purchases are usually outside the scope of blockchain analysis, so you don’t have much to worry about there, but then again your credit company has that data, which is why privacy conscious people might prefer using cash due to its fungibility.
I got your point, but dude you won't believe we (means me) are living in the stone age, we don't have the luxury to do online buying here, I can do online shopping from bigger cities but can't do in my nearest city. The point is all of my purchases are offline, I do p2p and convert my funds into fiat and then use them offline. No trace of online shopping left. Although I don't like online shopping. Speaking of credit cards, I don't have it, I hate it. As I don't like the way it works, they make you more spend, take borrow, pay interest, etc. etc. That's why even if I could have the facility to get a credit card in my area, but wouldn't have the facility to use it everywhere but in few shops only.

I would still not have it. That's why I don't care about privacy, the point here is, what other factors are there that we should keep in mind while acquiring anonymity, besides the fact that your government banned crypto in your country, and online sites can use data for showing ads. I would love to hear more.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
Point is even if someone is seeing my name on CEXs then how one can know what I am buying, like I might be buying offline. Advertising companies are the ones who uses pur data to show us relevant ads besides I would like to hear more from you. Thanks for the infor btw. Not a gay haha

Blockchain analysis companies entire business depends on being able to deanonymize people’s activity. They can achieve this to an extent by using publicly available information, privately acquiring data, or by using Bitcoin-accepting services and then tracking the flow of funds to match identities to addresses. For example, if you make a deposit on a casino, when those funds get consolidated into a hot wallet they can figure out which specific casino you like to play at.

I’m not saying that by everything being on a transparent blockchain they automatically know every single specific detail about who you are and what items you are buying. It all depends on how motivated somebody is to deanonymize you, every on-chain interaction is a possible clue that could lead to that.

Your offline purchases are usually outside the scope of blockchain analysis, so you don’t have much to worry about there, but then again your credit company has that data, which is why privacy conscious people might prefer using cash due to its fungibility.
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
Wanting privacy should not imply that you are doing something bad. On the contrary, wanting to expose so much personal information to the world is what’s unreasonable. Using privacy-focused tools is completely rational and should not be stigmatized.
Well your example is good because if I identify myself as gay (which I'm not) then this example would be worthless for me and your whole point would be gone but don't worry I am not gay or into such buying, but speaking of Binance or any other cex, how can someone know my name on a cex, ok governments might do and the people inside cexs might do other than that can sellers of products and services can see my personal information on some cexs?

I got one point here is giving too much of your information makes you vulnerable to too much scary things that can happen to you, your example gave me another real life example where AI changes the face of some fanonly girl with some innocent girl's face cause big problem. The thing is in my country girls avoid to show there face online, most of the girls do that.

Point is even if someone is seeing my name on CEXs then how one can know what I am buying, like I might be buying offline. Advertising companies are the ones who uses pur data to show us relevant ads besides I would like to hear more from you. Thanks for the infor btw. Not a gay haha
legendary
Activity: 2730
Merit: 7065
I don't know if you're right but exchanges never expose your identity to others unless you change your account to public Binance as a sample they don't put your identity in public unless legal authorities are requesting your data.
So if you spend your BTC on porn or sex toys only Binance knows this and the authorities who requested your data.
They are not going to reveal the information to regular Joe's, but everything is stored on their servers and kept on file. Binance also has a separate platform where law enforcement and government bodies can get in touch with their staff and request any data they need. Blockchain analysis firms surely have access to anything they need as well, and since their business is collecting and monetizing this data, they will share or sell it to interested parties. 
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook

If you deposit your campaign earnings on a KYC exchange like Binance, now it is possible to find out your real name, where you live, and if you are worth a lot of money. If you like to spend your BTC on gay porn and sex toys, the whole world knows you are a degenerate pervert. I won’t make any moral judgments if that’s what you’re into, but the point is that having access to this information has real-life consequences.

I don't know if you're right but exchanges never expose your identity to others unless you change your account to public Binance as a sample they don't put your identity in public unless legal authorities are requesting your data.
So if you spend your BTC on porn or sex toys only Binance knows this and the authorities who requested your data.


All transactions are traceable so I don't think having a full node will completely make your BTC private even if you set it in Tor if you bought BTC from exchanges and just moved it to your private full node then exchanges know that you own that wallet.
You can only be sure about you're privacy if the BTC didn't come from KYCed exchanges that is why P2P and non-KYC exchanges comes in to make our data private.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
I never used samurai before, TBH I sometimes wonder why would people need such a level of privacy just to make TX? Are you doing something wrong? No offense just a thought I hope no one would roast me.

Since your signature campaign payment address is public and tied to your identity on Bitcointalk, people can use that to potentially uncover personal information about you and also they can see your spending habits.

If you deposit your campaign earnings on a KYC exchange like Binance, now it is possible to find out your real name, where you live, and if you are worth a lot of money. If you like to spend your BTC on gay porn and sex toys, the whole world knows you are a degenerate pervert. I won’t make any moral judgments if that’s what you’re into, but the point is that having access to this information has real life consequences.

Wanting privacy should not imply that you are doing something bad. On the contrary, wanting to expose so much personal information to the world is what’s unreasonable. Using privacy-focused tools is completely rational and should not be stigmatized.
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
Hopefully the next privacy solution that comes around is better and more robust.
So it is a slap on the face of people who always said to use samurai, over wasabi no offense, but I always remain skeptical about these platforms and of those people who used to say, this wallet or browser provides us the best privacy and keep us anonymous. I never used samurai before, TBH I sometimes wonder why would people need such a level of privacy just to make TX? Are you doing something wrong? No offense just a thought I hope no one would roast me.

This only gives us one lesson that we should never trust a single platform if we want full anonymity, We have to use multiple ways to remain more anonymous, but first I don't think the authorities who have seized the wallet will go after the users not a citizen of there country. As a action is taken when something bad is happened, or your government is not supporting crypto, taking serious actions, then you seek privacy. Maybe out of curiosity, a person seek privacy as well. Point is, why would they go after everyone, like why would they decode people's data? Who are not in there region. No doubt we learn from mistakes, the next solution will definitely have better cover ups.
hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
Creating a Privacy solution is already risky enough and enough reason for Authorities to investigate you.  Building a Privacy solution under an Anonymous identity will generate even more questions for Authorities.
So be it, unlike exposing your personal information will be so easy for them to give you warrant. Having you as an anonymous creator, the site/server only can be taken down.

Quote
It is a nice idea but maintaining perfect Anonymity is extremely difficult.  Particularly when you have to constantly post updates and communicate.
You have a point, maintaining anonymity will be the most difficult, i bet satoshi will be known the longer he stayed here. But in anyway, as long you follow good practices to maintain anonymous, everything will be fine, hopefully.
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
All i can think about this is, developers of decentralized apps/services should prioritized their privacy first, instead of fully publicized their information and their creation. Most services sued by SEC are the developers first since it's easy for them to do it, then shutting down the site - if it's open source it's easy to migrate to another server/site.
Not sure any body would risk what Satoshi did to be honest with you.

Creating a Privacy solution is already risky enough and enough reason for Authorities to investigate you.  Building a Privacy solution under an Anonymous identity will generate even more questions for Authorities.

It is a nice idea but maintaining perfect Anonymity is extremely difficult.  Particularly when you have to constantly post updates and communicate.
hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
Hopefully the next privacy solution that comes around is better and more robust.
All i can think about this is, developers of decentralized apps/services should prioritized their privacy first, instead of fully publicized their information and their creation. Most services sued by SEC are the developers first since it's easy for them to do it, then shutting down the site - if it's open source it's easy to migrate to another server/site.
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
This is why only one solution to Privacy is not enough.  I would never trust my funds with only ONE attempt at gaining Privacy for my Bitcoin.  I would go through at least two or three filters before considering not caring any more.

The ultimate weapon in my opinion is STILL going to be Atomic Swapping with Monero.  That is the only way you can pretty much never go wrong unless you do it over Clear net or link the wrong UTXOs.  Swap Bitcoin for Monero and back and you will pretty much be safe.  I never felt safe whether it was only one Coin Join or one Mixing Transaction.  It felt wrong, as if the link was still there.

Break the link.  Do not trust only one Software.  Before you know, its Developers may kneel to the enemy or the Software code may have enough flaws to render your supposedly Private UTXO not so Private any more.  And just like the situation with Samourai or Mixers being seized, in most cases you only need to de conspire ONE Transaction to reveal the rest of the history.

-----

As for the undercover Feds.  I do think being vigilant is a good thing.  But on the other hand.  I have yet to hear of some body who was investigated based off what they were saying on Bitcoin Talk.  They do not even have what to investigate anyway for most Members.  Investigate what, the fact that I like having Privacy?  Investigate me for supporting Mixers and Atomic Swaps?

If so then hello Fed and nice to see you wasting your time and the Money of the people on proving pretty much nothing and solving or preventing precisely zero crime.
sr. member
Activity: 1666
Merit: 310
I've warned people long time ago that the Bitcoin community has been infiltrated by trojan horses... some "Bitcoiners" are undercover feds.

Who, in your opinion, do you think fits that classification?
I'm not going to give names, but if you see someone claiming for example that 24/7/365 surveillance ("All seeing eye" as they put it) is a "good" thing for society, then that should raise a couple of red flags at least.

Others hide better their intentions with extravagant claims (aka red herring) about "defending" your privacy.

Even back in the 90s I remember undercover feds lurking in IRC networks (the decentralized IRC network was the forefather of the centralized Discord app that many people use these days).

Stay vigilant...
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I've warned people long time ago that the Bitcoin community has been infiltrated by trojan horses... some "Bitcoiners" are undercover feds.

Who, in your opinion, do you think fits that classification?
sr. member
Activity: 1666
Merit: 310
I've warned people long time ago that the Bitcoin community has been infiltrated by trojan horses... some "Bitcoiners" are undercover feds.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Much of what Samourai devs and the whole team did was very problematic.
From the rampant sockpuppeting and personal attacks on social media to the blunt responses they would give to criticism like the one you had made above.
If the mobile wallet was a compromise in privacy it shouldn't have ever been released. And yet they made it a very central point of their marketing.

When asked why they don't use block filters so they don't collect any data, Samourai even went so far as to claim that their mobile wallet was actually a full node wallet:

https://twitter.com/Kruwed/status/1576903392047534081
https://twitter.com/SamouraiWallet/status/1576923638846005248
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
I created an issue in Samourai's repo to have a warning shown to users that they were trusting Samourai's developers with all of their financial data and their IP address: https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458

However, Samourai insisted that they would not provide any information to the user whatsoever that they are being spied on by their Bitcoin wallet app and any PR created that warns users about the data they are leaking would not be merged.

Samourai is truly a despicable project. These assholes intentionally created a huge honeypot of Bitcoiner personal data and then handed it over to the feds.
Much of what Samourai devs and the whole team did was very problematic.
From the rampant sockpuppeting and personal attacks on social media to the blunt responses they would give to criticism like the one you had made above.
If the mobile wallet was a compromise in privacy it shouldn't have ever been released. And yet they made it a very central point of their marketing.

But there's only so much we can say about the project while its main proponents are probably looking forward to at least a dozen years in prison and/or a lengthy extradition process. So to the claim that Samourai was a honeypot, I'd say that the dev team was probably just  naive thinking the feds wouldn't go after them. The sad truth is having user data seized also puts user privacy in jeopardy based on how Samourai's infastracture was developed. Whether or not that makes the devs assholes given all the aforementioned is up to anyone's own judgment to make.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
May 12, 2024, 07:38:02 AM
#9
Probably the first time I'm going to agree with you in here. They were, deliberately or not, knowledgeably or not, performing Sybil attack. In this tweet, it is revealed that no only they were using the xpub keys to query the balances, but even keeping them. What's the excuse for not using block filters to users who didn't connect to their own node?

I asked this question in their Telegram group chat and got banned. I didn't expect this attitude.

They explicitly accused Wasabi contributors of being liars for warning that all privacy settings in Samourai Wallet are off by default and posted a screenshot of these default-off settings turned on: https://twitter.com/SamouraiWallet/status/1647659684445265921

This behavior can only be described with one word: Malicious.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 12, 2024, 07:23:43 AM
#8
The way authorities will be able to de anonymize Samourai past users is by way of accessing their xpub data.
Yes, you're correct. I hadn't thought of it this way. Samourai was operating under a fashion such that if it was compromised, it could be Sybil attacked.

Samourai was performing the Sybil attack themselves since they designed their wallet to collect the xpub addresses and IP addresses of their customers. Now the Feds now inherit all the data Samourai collected from this attack.
Probably the first time I'm going to agree with you in here. They were, deliberately or not, knowledgeably or not, performing Sybil attack. In this tweet, it is revealed that no only they were using the xpub keys to query the balances, but even keeping them. What's the excuse for not using block filters to users who didn't connect to their own node?

I asked this question in their Telegram group chat and got banned. I didn't expect this attitude.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
May 12, 2024, 05:58:54 AM
#7
I created an issue in Samourai's repo to have a warning shown to users that they were trusting Samourai's developers with all of their financial data and their IP address: https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458

However, Samourai insisted that they would not provide any information to the user whatsoever that they are being spied on by their Bitcoin wallet app and any PR created that warns users about the data they are leaking would not be merged.

Samourai is truly a despicable project. These assholes intentionally created a huge honeypot of Bitcoiner personal data and then handed it over to the feds.

Run your own node. That's the only way to ensure privacy of your transactions. Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature. I know it might sound hard but even a pruned node would suffice in this situation.

If you know you can not run your own node, you can go for the less private but still anonymous way by using Tor. You can use SPV wallet like Electrum and enable Tor. This is not as private as running your own node with Tor but it is better and still anonymous as you are not connecting directly with your IP address.

If you want to enhance your privacy, start with a full noed, make contact always via Tor not looking for your address in the blocs of the blocs and then without being a government agency you want to really follow you, you are safe.

You don't need to run a node for privacy. Light wallets like Wasabi, Zeus, Blixt, and Breez all use BIP157/BIP158 compact block filters. These filters allow you to sync all of the addresses in your wallet without sharing identifiable data with anyone else's full node.

(and send your deanonymoized coins through a mixer since nobody is able to determine what outputs go to what inputs, only the fact that you had used a mixer.)

You mean send your deanonymized coins through a coinjoin.  A "mixer" is a scamming website that has complete knowledge over which inputs go to which outputs, just like Samourai.

How can they do that? The whirlpool server is shutdown, we all know about the recent events. A Sybil attack requires the authorities to continue running whirlpool, as if nothing happened.

Samourai was performing the Sybil attack themselves since they designed their wallet to collect the xpub addresses and IP addresses of their customers. Now the Feds inherit all the data Samourai collected from this attack.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 12, 2024, 04:30:33 AM
#6
@BlackHatCoiner
The way authorities will be able to de anonymize Samourai past users is by way of accessing their xpub data. Essentially this data was on Samourai servers which authorities claim to have seized. Now, this allows for all past transactions made by mobile users (which were a sizeable portion of the network and therefore acting as a sibil attacker) to be traced. Deducting this data from all coinjoins makes it easy to decode each one. But also associate coinjoins together to deduct who is who even if they were using a node. Samourai's volume being smaller than their competing privacy wallet makes this task easier too.

Here's a thread about this:
https://twitter.com/oomahq/status/1789253579213004937
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 12, 2024, 03:37:21 AM
#5
Now after the seizure of data possesed by Samourai developers though, authorities can essentially perform analysis equal to performing a Sybil attack and de-anonymize even those that had their own node.
How can they do that? The whirlpool server is shutdown, we all know about the recent events. A Sybil attack requires the authorities to continue running whirlpool, as if nothing happened.

Hopefully the next privacy solution that comes around is better and more robust.
There's talk about decentralized whirlpool, but it's still unclear how this will be resistant to Sybil attacks. Previously, you only needed to trust that Samourai isn't sybil attacking, but now that chain analysis firms can join the Soroban network, I don't bet my hands on it.

Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature.
Samourai wasn't using block filters. It was sending your xpub to their server. It is true that this was one very bad practice.
legendary
Activity: 2702
Merit: 4002
May 12, 2024, 02:28:41 AM
#4
Chipmixer servers have been seized, and user data was taken about 7 Terabytes of Data. If this data was useful, many hackers were arrested in the last 5 years, as CM was the largest mixer for many years.
What I try to say is that the government will not analyze to track the privacy of individuals and that the entities that launder money take mixers as one of the points in the chain of concealment of identity and therefore the data will not be important without tracking all sources.

If you want to enhance your privacy, start with a full noed, make contact always via Tor not looking for your address in the blocs of the blocs and then without being a government agency you want to really follow you, you are safe.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
May 12, 2024, 02:08:38 AM
#3
If you know you can not run your own node, you can go for the less private but still anonymous way by using Tor. You can use SPV wallet like Electrum and enable Tor. This is not as private as running your own node with Tor but it is better and still anonymous as you are not connecting directly with your IP address.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
May 12, 2024, 01:05:11 AM
#2
Hopefully the next privacy solution that comes around is better and more robust.

Run your own node. That's the only way to ensure privacy of your transactions. Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature. I know it might sound hard but even a pruned node would suffice in this situation.

(and send your deanonymoized coins through a mixer since nobody is able to determine what outputs go to what inputs, only the fact that you had used a mixer.)
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 11, 2024, 06:55:08 PM
#1
Samourai wallet recently was seized and two leading members of the project were arrested and charged.

The issue with this is that samourai developers aside of providing the software to participate in coinjoin mixing transactions, were also hosting a node for everyone seeking to access this service from mobile. Essentially every mobile user was relying on their node.

It was possible for someone to rely on his own full node but not everyone did it. Now after the seizure of data possesed by Samourai developers though, authorities can essentially perform analysis equal to performing a Sybil attack and de-anonymize even those that had their own node.

Simply by knowing where the transactions of those using the node-service where going, it's easy to figure out the rest by picking up the pieces left and right. Especially given that the transactions going through Samourai's hosted service where a very seizable portion of the total. So all in all, anyone who had even used Samourai wallet should consider their past transaction privacy compromised and potentially act accordingly. I wish all these people best of luck and hope with all my heart that authorities leave them the fuck alone. Understandably it has to be very stressful having to go through this when you were promised top notch privacy... But what can you do, we learn from our mistakes.

Hopefully the next privacy solution that comes around is better and more robust.
Jump to: