The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: n0nce on July 09, 2022, 07:20:28 PM

@theymos can we get this removed after the Wasabi x Chainalysis ~~collaboration~~debacle? Roll Eyes

In all fairness though, the Wasabi CEO said they are not getting data from Chainalysis but from another blockchain analysis company.
It doesn't change anything about them buying UTXO data for blacklisting in the first place, but lets get our facts straight.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

I just realized that the forum's recommendation for Bitcoin privacy is usage of Wasabi.

Quote from: https://bitcointalk.org/privacy.php

Retention

\|	Thing	\|	Retention	\|	Possible user actions to maximize privacy	\|
\|	Payment info such as Bitcoin addresses	\|	Indefinite	\|	Use private payment technology such as the Wasabi wallet	\|

@theymos can we get this removed after the Wasabi x ~~Chainalysis~~ Edit: undisclosed blockchain analysis company ~~collaboration~~debacle? Roll Eyes

I guess linking to a page that explains the general concept of CoinJoin could make more sense than basically advertising for the private company https://zksnacks.com/.

witcher_sense

legendary

Activity: 2464

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: n0nce on May 03, 2022, 10:07:56 AM

I agree with the sentiment that Samourai is very misleading in that at first sight it appears you get anonymous mixing with or without full node, but then it turns out that if you don't run one, you lose all privacy by doing one of the worst things you could do; leaking your xpub.

Sure, zkSNACKs openly confesses to blacklist, but it also still claims to be a privacy wallet. While working with chainalysis. How doesn't this immediately sound like an oxymoron?

I wouldn't say either of them are a 'scam' in that they don't steal your money, but Wasabi sends your information to Chainalysis and Samourai deanonymizes you if you don't buy their node, so they're both going against their main proposed selling point (privacy) in a rather similar way. You could argue that Samourai holds the xpubs themselves, while you guys pass the info further right away, however I don't trust Samourai to be government- and three-letter-agency-secure if they come knocking at their door.

As long as Samourai devs remain anonymous, they can afford not to collaborate with three-letter agencies or chain surveillance companies. But once (not if) they get deanonymized, they will have no choice but to hand over to governments every piece of information they have collected about their users over the years of Whirlpool operation, including xpubs, pre-mix, and post-mix addresses. Law enforcement agencies already know which transactions were coming from Whirlpool and at which point in time they were made. They will come to Samourai devs and force them to disclose additional information about particular addresses. If they refuse to provide information and cooperate with whoever comes to them, they may find themselves in jail and be accused of facilitating money laundering and other illegal activities. Of course, they will collaborate and start secretly surveilling the users of Whirlpool reporting users' activity to agencies. Maybe they already do. All this will happen because everyone, including governments, is already aware of Samourai capability to collect such information, and this is why they will demand it from them eventually.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply.

I agree with the sentiment that Samourai is very misleading in that at first sight it appears you get anonymous mixing with or without full node, but then it turns out that if you don't run one, you lose all privacy by doing one of the worst things you could do; leaking your xpub.

Sure, zkSNACKs openly confesses to blacklist, but it also still claims to be a privacy wallet. While working with chainalysis. How doesn't this immediately sound like an oxymoron?

I wouldn't say either of them are a 'scam' in that they don't steal your money, but Wasabi sends your information to Chainalysis and Samourai deanonymizes you if you don't buy their node, so they're both going against their main proposed selling point (privacy) in a rather similar way. You could argue that Samourai holds the xpubs themselves, while you guys pass the info further right away, however I don't trust Samourai to be government- and three-letter-agency-secure if they come knocking at their door.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: dkbit98 on May 02, 2022, 03:42:45 PM

I am not defending Samourai wallet at all and the may be dishonest, but please stop acting like a child with this anti-advertisement.

It's just non stop whataboutism. Repeatedly fails to address any of the very valid and very concerning issues being raised about Wasabi, and just attacks Samourai instead. Roll Eyes

Quote from: pooya87 on May 02, 2022, 09:42:15 PM

Not to mention that whoever is pressuring you to enforce the censorship is surely pressuring you to do a lot more.

Either they are doing it because they are being pressured to (and will therefore do much worse in the future), or they are doing it of their own free will because they don't care about you or your privacy at all and just want to make profits from institutional investors, as explained here: https://bitcointalksearch.org/topic/m.59996771. I'm not sure which is worse, but either reason means nobody should be using Wasabi anymore.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it.

And Wasabi was supposed to be a privacy solution as well, but it has very bad privacy because of your new collaborations with whoever pays more to deanonymize users.

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

Samourai users are the victims of the Samourai scam.

And Wasabi users are the victims of censorship, Wasabi taint scam, and being offered a partnership with blockchain analysis companies deanonymizing those who seek anonymity. You announcing it or not doesn't change what you and your new business partners are doing.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply.

You are showing a middle finger to bitcoin's fungibility as a privacy providing tool and are censoring people selectively and you are saying there is no dishonesty there just because you announced what you were doing? What other choice you had? You couldn't hide the censorship, people would have said something on the internet about how their coins are being blocked by your tool.

You can't seriously claim having any shred of honesty here. Not to mention that whoever is pressuring you to enforce the censorship is surely pressuring you to do a lot more.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

I didn't mean to put words into your mouth, sorry. I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply. I'm sorry, if you feel this to be an attack, these are factual statements. The truth about Samouarai is so disturbing that I'm not sure how to put things more mildly.

Please go ahead and create scam accusation topic in forum about Samourai wallet and post all evidence you gathered how exactly they scam people, than I will review everything.
If I remember correctly zkSNACKs promised privacy and it was proven earlier that it is possible to de-anonymize transactions and identify addresses and people who used Wasabi wallet, now they are blocking addresses and transactions, I wonder what's next.
And yet, you don't see me saying that Wasabi wallet is a scam...

Quote from: nopara73 on May 02, 2022, 07:10:27 AM

If you don't believe me or don't get it, you can check out how Gregory Maxwell (inventor of coinjoin) and Chris Belcher (inventor of JoinMarket) put it:

I know that Gregory Maxwell and Chris Belcher don't like Samourai wallet, but I don't see them running around shouting SCAM all over the forum.
I am not defending Samourai wallet at all and the may be dishonest, but please stop acting like a child with this anti-advertisement.
Cheers.

nopara73

member

Activity: 103

Merit: 327

Quote from: dkbit98 on May 01, 2022, 03:52:05 PM

Quote from: nopara73 on May 01, 2022, 08:59:48 AM

Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.

I never said it's a scam, for saying that you would need to show some proof, and I didn't hear a single case of anyone in forum getting scammed by using Samourai wallet.
Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?

Quote from: nopara73 on May 01, 2022, 08:59:48 AM

This is a fundamental privacy leak, which just makes the two wallet not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.

I never uses Samourai, and I know they have some privacy issues, but at least they are not blocking any addresses from mixing.
Attacking each other in current situation is just waste of time in my opinion.

I didn't mean to put words into your mouth, sorry. I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply. I'm sorry, if you feel this to be an attack, these are factual statements. The truth about Samouarai is so disturbing that I'm not sure how to put things more mildly.

If you don't believe me or don't get it, you can check out how Gregory Maxwell (inventor of coinjoin) and Chris Belcher (inventor of JoinMarket) put it:

- https://bitcointalksearch.org/topic/m.51128834
- https://mobile.twitter.com/chris_belcher_/status/1345176372474425348
- https://mobile.twitter.com/chris_belcher_/status/1345176039874564097

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: nopara73 on May 01, 2022, 08:59:48 AM

Samourai Wallet by default collects the xpubs of their users (past, present and future financial transactions) thus they provide zero privacy against themselves (and hackers and governments.)

In contrast with Wasabi, wherein to mix, you need to pass the legal-UTXO test? Disgrace. At least in Samourai you can run your own node and avoid handing out your master public key if that's the only problem; you're sure you're having your outputs mixed.

Quote from: dkbit98 on May 01, 2022, 03:52:05 PM

Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?

Beyond that, they're working with chain analysis companies, treating bitcoin as non-fungible while that's the promising point of their project. It's confirmed that they did this voluntarily to ~~protect their operation~~ to make money. Whoever mixes with their coordinator pays for their monitoring. Completely untrustworthy individuals.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: nopara73 on May 01, 2022, 08:59:48 AM

Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.

I never said it's a scam, for saying that you would need to show some proof, and I didn't hear a single case of anyone in forum getting scammed by using Samourai wallet.
Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?

Quote from: nopara73 on May 01, 2022, 08:59:48 AM

This is a fundamental privacy leak, which just makes the two wallet not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.

I never uses Samourai, and I know they have some privacy issues, but at least they are not blocking any addresses from mixing.
Attacking each other in current situation is just waste of time in my opinion.

nopara73

member

Activity: 103

Merit: 327

Quote from: dkbit98 on April 30, 2022, 03:18:33 PM

Sparrow is using Samourai Whirlpool and many bitcoiners who know much more about privacy tell me, don't like mixing with Whirpool.

Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.

Samourai Wallet by default collects the xpubs of their users (past, present and future financial transactions) thus they provide zero privacy against themselves (and hackers and governments.) For this they say "use dojo" which is a Bitcoin full node that fixes this network level privacy disaster, however you'll still be mixing with other xpub leakers. If you're the only one who uses a full node, then the links between your inputs and outputs in the mix is trivially deanonymized by exclusion. This is a fundamental privacy leak, which just makes the two wallet not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: JL0 on April 30, 2022, 02:21:35 PM

Could the Sparrow wallet be an alternative?

I tested Sparrow wallet few years ago and I wrote more about that in one of my topics from 2020.
I am not sure it can replace Wasabi that was simple plug'n'play wallet, and you need to do some setting up in combination with other tools to make it work.
Sparrow is using Samourai Whirlpool and many bitcoiners who know much more about privacy then me, don't like mixing with Whirpool.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: JL0 on April 30, 2022, 02:21:35 PM

Could the Sparrow wallet be an alternative?

Sparrow includes an implementation of Whirlpool. As far as I know, Whirlpool by Samourai is a way better option, however you need your own node or 'RoninDojo' (a full node) to use it 100% privately.
'Sparrow Whirlpool' is not any different from 'Samourai Whirlpool', as far as I know.

Quote from: witcher_sense on March 18, 2022, 12:21:36 PM

Quote from: o_e_l_e_o on March 18, 2022, 11:44:42 AM

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?

How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.

JL0

full member

Activity: 817

Merit: 158

Bitcoin the Digital Gold

Could the Sparrow wallet be an alternative?

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: witcher_sense on April 29, 2022, 12:51:29 AM

They need more money. They literally do not care what regular users think about them: they introduced blacklisting so that large institutional investors, not plebs, which they call "criminals," can mix their money without fear of being questioned by regulators.

I think this quote that you dug up really puts the nail in the coffin.

I also like your usage of the word 'plebs' ('plebeians' would be more correct as plural - actually plebs refers to the whole group of plebeians as one); quite similarly to the Roman empire, some people always seem to think they're in a sort of 'upper class' as opposed to the 'plebeian working class'. And in this case they deem the working class criminal and fear to be confused with this presumed 'lower class'.

But honestly; if they really wish, let them play with their little UTXO set of 'upper class clean incest coins' and they'll soon realize that it just dramatically reduces the anonymity set they're in and they're cutting themselves off the whole Bitcoin ecosystem. As o_e_l_e_o said, the most stupid thing for 'plebeians' would now be to use the 'patricians' tools and comply with their arbitrary and subjective rules without any real benefit.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: witcher_sense on April 29, 2022, 12:51:29 AM

-snip-

As if working hand-in-hand with blockchain analysis companies wasn't bad enough, it now becomes clear that the whole point they are doing it is so they can get in to bed with centralized entities and make more sweet, sweet profits for themselves.

Just another project to add to the ever growing list of projects which started out so promisingly and then completely sold out all their users and the very principles of bitcoin to make sure they could keep lining their own pockets.

You are insane if you keep using Wasabi at this point.

witcher_sense

legendary

Activity: 2464

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: pooya87 on April 28, 2022, 10:44:40 PM

It's still not too late for them to undo the damage to their reputation. They have to first publicly apologize then start moving towards making their application truly decentralized by removing coordinators completely by finding a way for users to connect to each other and mix coins P2P. But that also means giving up on the money they were earning!

They need more money. They literally do not care what regular users think about them: they introduced blacklisting so that large institutional investors, not plebs, which they call "criminals," can mix their money without fear of being questioned by regulators.

Quote from: https://stephanlivera.com/episode/364/

But one other thing is that: if you, as a CoinJoin coordinator, if you want to work with institutional clients, hedge funds, insurance funds, Michael Saylor, and all these people, well, even if ZKSnacks were not to be regulated, those customers might very well be, maybe because they’re custodians of other people’s money or whatnot. And then these regulated entities can only become users of a coordinator—arguably, I’m not sure—if such a blacklisting is involved. Again, the major feedback that I got from institutionals regarding CoinJoin adoption was, I don’t want to mix with criminals—my compliance team is gonna take me apart on that one. Now, I don’t know if there is an actual concern here or if this is just, again, some preemptive speculative compliance, but arguably there is. So we might see this world where ZKSnacks specifically has a bunch of liquidity from institutionals that are just not comfortable to CoinJoin with another coordinator which has the Anyone can join policy, including criminals.

"I don't want to mix with criminals' dirty money" - says institutional as if their money are always "clean" by default.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Slottie on April 28, 2022, 08:38:50 AM

Seems like Wasabi will die in a few years. It was too good to last forever.

It's still not too late for them to undo the damage to their reputation. They have to first publicly apologize then start moving towards making their application truly decentralized by removing coordinators completely by finding a way for users to connect to each other and mix coins P2P. But that also means giving up on the money they were earning!

Slottie

newbie

Activity: 26

Merit: 1

Seems like Wasabi will die in a few years. It was too good to last forever.

Topic: The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs (Read 1595 times)