
Topic: The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs - page 3. (Read 1595 times)

legendary
Activity: 2268
Merit: 18748
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.
Which is the case for every wallet in existence. If you aren't connecting to your own full node, then the owner of whichever node you are connecting to will be able to monitor your activity. I don't think this is a vulnerability by any means, especially since Samourai are completely transparent about this fact and encourage people to run Dojo themselves. It is more of a trade off between people wanting some privacy but not wanting to run a node, and people wanting much more privacy and therefore running a node themselves.

I was looking for a vulnerability where a user could do everything right and still be deanonymized, as is the case for this Wasabi vulnerability.
legendary
Activity: 3472
Merit: 10611
Wasabi are censoring inputs because they want to, and not because they are being forced to.
Maybe they were forced to do so, which is a lot worse IMO because they kept it silent instead of being transparent about the situation. Who knows what other backdoors they've already introduced or could introduce in the future into their project.

One thing is certain though, this team does not care about bitcoin principles such as privacy and censorship resistance.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
A little bit of expansion on this that I came across today: US government spooks have cracked ‘anonymous’ Bitcoin wallet Wasabi

Seems like if you have any coins in a Wasabi wallet right now then not only do you need to withdraw them before Wasabi decide to start blacklisting them, you'll also need to re-mix them (and do so thoroughly) using a different mixing method.
Here is an interesting video -- How Wasabi was "demixed" by Chainalysis

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.

legendary
Activity: 2268
Merit: 18748
Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
A little bit of expansion on this that I came across today: US government spooks have cracked ‘anonymous’ Bitcoin wallet Wasabi

Seems like if you have any coins in a Wasabi wallet right now then not only do you need to withdraw them before Wasabi decide to start blacklisting them, you'll also need to re-mix them (and do so thoroughly) using a different mixing method.

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?



And in another development to this story:

However, zkSNACKs co-founder and CEO Bálint Harmat told Bitcoin Magazine that the decision to prevent some users from leveraging Wasabi for their privacy needs was a proactive one as there is no current legislation obliging them to do so.

Wasabi are censoring inputs because they want to, and not because they are being forced to. They have moved to the opposite end of the spectrum with a single decision. I cannot understand what they are thinking here. No sane person should ever use Wasabi again.
legendary
Activity: 2212
Merit: 7064
But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility? Offchain layer with Zero-Knowledge Proofs perhaps? Is that possible?
The best alternative wallet I see is Mercury wallet, which works on a totally different principle of swapping private keys in a secure way; that way fees are much lower and privacy can be much higher.
I don't think regulators will be able to do anything with Mercury wallet, but there are always the good old mixers we all know, or using Lightning Network is a viable alternative.
Instead of creating a bunch of shitcoin projects, developers should focus more on making better privacy for bitcoin, but hey you can't scam people like that and become rich overnight...
hero member
Activity: 882
Merit: 1873
There is no need for Monero, all this can well be done on the bitcoin blockchain itself: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/020026.html
If that is possible, that is even better!

They made the matter even worse after 'explaining'.  People started to identify Bitcoin with illicit activities and actors and it never got censored.  Not directly on the blockchain anyway.  They do it by banning addresses on exchanges and so, they even tried censoring through miners.  Sad thing for them it did not work.  I am aware there are illicit transactions on the blockchain.  Drug deals and all that shit.  But you either have this or nothing.

This is a VERY dangerous model and the more censorship there is on the surface and externally, the more they will try to invade Bitcoin's decentralized and uncensored manner.  I am against illicit activities too.  So?  I am still against censorship.  And I would never accept a version of the Bitcoin blockchain that censors illicit transactions.  Not because I want them to exist, but because this is a precedent.  Give them an inch and they will take miles.

What we do not seem to get is that in order to have our rights taken away, they have to be taken little by little.  This is how you also take away Bitcoin's most important features.  By accepting the censorship of illicit activities, you will end up accepting censoring addresses of known oligarchs too.  Then you get to the point where you just censor whatever they want, just because they can slap a 'suspect of illicit activities' label on the UTXO.  It gets to a never ending cycle.

This Bitcoin thing is either fully uncensored or it has no point in existing.  We already have central banks doing the censoring, seizing and removal of rights for us.  But to say you are censoring because you do not like illicit activities, you either lied all this time about being pro financial freedom or you have no idea how Bitcoin works.  Or, you have to give up due to .. external pressure.  All in all, this entire mess does not help me at all with being paranoid!

-
Regards,
PrivacyG
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
I think the closest thing is Atomic Swaps.  All the other currently existing alternatives are now closed source or honeypots.  Wasabi turned bad, Samourai was weird already.  What is left is using Bisq to enhance privacy or ChipMixer but Bisq is an exchange and ChipMixer is mostly trust based.

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.  Move Bitcoin to Monero and back and you have a new set of coins obtained in a decentralized manner.  How decentralized and open source.. is another discussion but hopefully it exceeds expectations.  Thing is, there is a large market for Bitcoin privacy and fungibility.  I would imagine many would pay big prices to have some privacy over here, so who gets to offer the perfect solution will earn money big time.

-
Regards,
PrivacyG
There is no need for Monero, all this can well be done on the bitcoin blockchain itself: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/020026.html

EDIT:

Wasabi Wallet Parent Company Explains Decision To Censor Bitcoin Transactions

“People started to identify Wasabi with illicit activities and actors, and we wanted to differentiate ourselves from these players in the space,” Harmat said, adding that the route taken on Sunday was zkSNACKs’ solution to enforce it.

“We were always against using [CoinJoin] for illicit activities, and as far as we could see from the news, lots of actors started to take advantage of the software,” Harmat said. “And this created really bad press for us.”

“Wasabi is for people to preserve their privacy, and not for hiding illicit activities,” he added.

“We did our research and really went into the legal details,” Harmat said. “There are no current regulations on ongoing joint coordinators. However, I’m aware this is going to change in the future.”

“We haven’t been thinking about implementing a new user interface for switching the coordinator,” Harmat said, when asked if Wasabi would take proactive steps to ensure a more straightforward way for users to choose a different coordinator. “Obviously the whole project is open, anyone is free to do whatever they want to do with it.”
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed softwares (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
Wow, thanks for this information! They both always seemed slick looking (website, screenshots), but at the same time gave me a weird gut feeling. Somehow the 'hyped up' attitude of one or both (I don't remember) on Twitter and large claims as well as the 'too nice' (do you know what I mean?) websites somehow threw me off a bit. Fortunately I haven't used either so far, so I guess I haven't leaked anything to chain analysis or their servers through these programs.
In the end, the simplest stuff is the best. Full node with electrs, open source thin clients and usage of coin control. Mixing with trusted service if needed or paying stuff through Lightning...

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.
True, atomic swaps are pretty cool. I'm looking forward to seeing what comes out of this development, it seems compelling!
hero member
Activity: 882
Merit: 1873
But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility?
I think the closest thing is Atomic Swaps.  All the other currently existing alternatives are now closed source or honeypots.  Wasabi turned bad, Samourai was weird already.  What is left is using Bisq to enhance privacy or ChipMixer but Bisq is an exchange and ChipMixer is mostly trust based.

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.  Move Bitcoin to Monero and back and you have a new set of coins obtained in a decentralized manner.  How decentralized and open source.. is another discussion but hopefully it exceeds expectations.  Thing is, there is a large market for Bitcoin privacy and fungibility.  I would imagine many would pay big prices to have some privacy over here, so who gets to offer the perfect solution will earn money big time.

-
Regards,
PrivacyG
legendary
Activity: 2870
Merit: 7490
In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed softwares (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!

There aren't many alternatives though. Besides those two, I could only think of JoinMarket.

I'm not familiar with Wasabi (though I've heard the name before) or coinjoin.  Is Wasabi a centralized wallet, like a web wallet?

Wasabi is a non-custodial wallet. You also have the option to connect Wasabi to your own full node.
legendary
Activity: 2898
Merit: 1823
The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs


It FAILED to live up to Bitcoin's ethos. But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility? Offchain layer with Zero-Knowledge Proofs perhaps? Is that possible?

legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed softwares (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
Samourai Wallet is not a good alternative to Wasabi Wallet and never has been because:
1) Samourai Wallet knows everything about your transactions since all the addresses and public keys go through their server. If you connect to their trusted node, it only gives you a false sense of security and privacy due to the fact that everything is already exposed to their server, and their node does nothing but simply relay transactions. I think they can easily demix you because they will know your incoming and outgoing transactions. [1]
2) They constantly lie about their wallet being reproducible while in fact, it is not, which was checked and proved many times. In my opinion, if it is not reproducible, it is closed-sourced and probably malicious. [2]
3) Their sockpuppets are attacking Giacomo Zucco just for the fact that when talking about CoinJoin implementations in his famous article regarding privacy, he put Samourai after Wasabi and JoinMarket. Clearly, he should have mentioned it first to not offend and hurt the feelings of Samourai developers! [3][4]


[1] https://www.reddit.com/r/Bitcoin/comments/9r9344/comment/e8fm1v8/
[2] https://walletscrutiny.com/android/com.samourai.wallet/
[3] https://t.me/nobullshitbitcoin/2615?comment=14516
[4] https://giacomozucco.com/a-treatise-on-bitcoin-and-privacy-part-1-a-match-made-in-the-whitepaper
legendary
Activity: 3528
Merit: 7005
Thinking realistically — it's not going to stop. And yea, I'm pretty sure it's either due to government intervention or that they're taking extra safety precautions because they expect the government to interfere.
You mean think very, very cynically--and to be honest I'm not even sure at this point what the difference is between being cynical and being realistic, what with all the BS politicians and the media get away with.

I'm not familiar with Wasabi (though I've heard the name before) or coinjoin.  Is Wasabi a centralized wallet, like a web wallet?  And I'm assuming coinjoin is a feature they offer.  In any case, there could indeed be pressure from a government agency or it could just be them being proactive, anticipating that sooner or later they'll fall smack dab in the center of the microscope slide. 

I'm not saying Russia has any grounds for invading Ukraine, but when I watch the news (any news from any station), they're not-so-subtly giving everyone the hint that there's only one way to think about this situation.  And what do you know?  I just saw there's a series from 2019 being promoted (The Last Czar) which is apparently all about Russia's history of autocracy/dictatorship/whatever.  That's got to be a coincidence, I'm sure.
legendary
Activity: 3472
Merit: 10611
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed softwares (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
hero member
Activity: 882
Merit: 1873
nopara73 has just admitted they would hire a blockchain surveillance company to analyze every single UTXO that joins to participate in a CoinJoin transaction.


Wow, excuse my language but what the actual fuck.  I hope they are going broke now, because this is crazy and this is one reason we never have peace from governments.  Because of these suckers who would rather continue earning money by bending knees than continue to support the ideas Wasabi was created out of.

I specifically used Wasabi to AVOID blockchain analysis companies messing up with my stuff.  Why the hell would I ever use Wasabi again when I know using it means literally being part of an analysis from now on?

Fuck that.  This is why we need a hundred-percent decentralized and open source mechanism of mixing.  I keep seeing suggestions for Samourai's Whirlpool, but is it better than Wasabi really or could it be yet another honeypot?

-
Regards,
PrivacyG
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.

They have AppImage which should bundle all dependencies (including Java). But what's your problem with Java? If you don't want to install closed source software, you could install OpenJDK.
Honestly, a few things. Besides me not liking the language and the program running in a VM instead of bare-metal being less efficient, whenever I started using programs that depended on Java in the past, it ended up in disaster. Some programs required different versions than others, then some versions interfered with each other; uninstalling Java also didn't go cleanly all the time - this sort of stuff.
But I'll try the 'AppImage' then. Thanks!
legendary
Activity: 2870
Merit: 7490
I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.

They have AppImage which should bundle all dependencies (including Java). But what's your problem with Java? If you don't want to install closed source software, you could install OpenJDK.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in.
I think he decided to disappear after he found out that Gavin Andresen was invited by the CIA to discuss Bitcoin. Satoshi was in contact with Gavin and they discussed the protocol until Gavin told him he is meeting up with the CIA. That's when all the communication between the two stopped. Gavin mentioned that somewhere. The negative spotlight that was put on Bitcoin due to the Silk Road marketplace was also a factor. 
That's very interesting insight, thanks! Definitely makes sense.

Everyone should be uninstalling Wasabi now. You'd be an idiot not to. In other news, 30% off all Samourai whirlpool fees for the next week using the code WASABI_REFUGEES.

I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.
legendary
Activity: 2730
Merit: 7065
Another one bites the dust!

In that list of illegal activities, there is no mention of mixing your coins with ChipMixer and then performing CoinJoins with Wasabi. But since they are now cooperating with anal alpinist, I mean blockchain analysis companies, it's better to abandon the service and look for alternative solutions.

I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in.
I think he decided to disappear after he found out that Gavin Andresen was invited by the CIA to discuss Bitcoin. Satoshi was in contact with Gavin and they discussed the protocol until Gavin told him he is meeting up with the CIA. That's when all the communication between the two stopped. Gavin mentioned that somewhere. The negative spotlight that was put on Bitcoin due to the Silk Road marketplace was also a factor. 
legendary
Activity: 3472
Merit: 10611
Developers of privacy enhancing tools should not even mention anti-privacy companies let alone hire them! They're essentially funding the enemy of privacy. Who knows what else they are doing.

On some serious note, have any experts actually checked Wasabi source code and the implementation of CoinJoin in the past? Or are people just trusting the popularity and having the source without reading it?