Topic: The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs (Read 1473 times)

legendary
Activity: 1526
Merit: 6442
bitcoincleanup.com / bitmixlist.org
@theymos can we get this removed after the Wasabi x Chainalysis collaboration debacle?

In all fairness though, the Wasabi CEO said they are not getting data from Chainalysis but from another blockchain analysis company.
It doesn't change anything about them buying UTXO data for blacklisting in the first place, but let's get our facts straight.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I just realized that the forum's recommendation for Bitcoin privacy is usage of Wasabi.

Retention
|Thing|Retention|Possible user actions to maximize privacy|
|Payment info such as Bitcoin addresses|Indefinite|Use private payment technology such as the Wasabi wallet|

@theymos can we get this removed after the Wasabi x Chainalysis Edit: undisclosed blockchain analysis company collaboration debacle?
I guess linking to a page that explains the general concept of CoinJoin could make more sense than basically advertising for the private company https://zksnacks.com/.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
I agree with the sentiment that Samourai is very misleading in that at first sight it appears you get anonymous mixing with or without full node, but then it turns out that if you don't run one, you lose all privacy by doing one of the worst things you could do; leaking your xpub.

Sure, zkSNACKs openly confesses to blacklist, but it also still claims to be a privacy wallet. While working with chainalysis. How doesn't this immediately sound like an oxymoron?

I wouldn't say either of them are a 'scam' in that they don't steal your money, but Wasabi sends your information to Chainalysis and Samourai deanonymizes you if you don't buy their node, so they're both going against their main proposed selling point (privacy) in a rather similar way. You could argue that Samourai holds the xpubs themselves, while you guys pass the info further right away, however I don't trust Samourai to be government- and three-letter-agency-secure if they come knocking at their door.
As long as Samourai devs remain anonymous, they can afford not to collaborate with three-letter agencies or chain surveillance companies. But once (not if) they get deanonymized, they will have no choice but to hand over to governments every piece of information they have collected about their users over the years of Whirlpool operation, including xpubs, pre-mix, and post-mix addresses. Law enforcement agencies already know which transactions were coming from Whirlpool and at which point in time they were made. They will come to Samourai devs and force them to disclose additional information about particular addresses. If they refuse to provide information and cooperate with whoever comes to them, they may find themselves in jail and be accused of facilitating money laundering and other illegal activities. Of course, they will collaborate and start secretly surveilling the users of Whirlpool reporting users' activity to agencies. Maybe they already do. All this will happen because everyone, including governments, is already aware of Samourai capability to collect such information, and this is why they will demand it from them eventually.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply.
I agree with the sentiment that Samourai is very misleading in that at first sight it appears you get anonymous mixing with or without full node, but then it turns out that if you don't run one, you lose all privacy by doing one of the worst things you could do; leaking your xpub.

Sure, zkSNACKs openly confesses to blacklist, but it also still claims to be a privacy wallet. While working with chainalysis. How doesn't this immediately sound like an oxymoron?

I wouldn't say either of them are a 'scam' in that they don't steal your money, but Wasabi sends your information to Chainalysis and Samourai deanonymizes you if you don't buy their node, so they're both going against their main proposed selling point (privacy) in a rather similar way. You could argue that Samourai holds the xpubs themselves, while you guys pass the info further right away, however I don't trust Samourai to be government- and three-letter-agency-secure if they come knocking at their door.
legendary
Activity: 2268
Merit: 18492
I am not defending Samourai wallet at all and they may be dishonest, but please stop acting like a child with this anti-advertisement.
It's just non stop whataboutism. Repeatedly fails to address any of the very valid and very concerning issues being raised about Wasabi, and just attacks Samourai instead.

Not to mention that whoever is pressuring you to enforce the censorship is surely pressuring you to do a lot more.
Either they are doing it because they are being pressured to (and will therefore do much worse in the future), or they are doing it of their own free will because they don't care about you or your privacy at all and just want to make profits from institutional investors, as explained here: https://bitcointalksearch.org/topic/m.59996771. I'm not sure which is worse, but either reason means nobody should be using Wasabi anymore.
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it.
And Wasabi was supposed to be a privacy solution as well, but it has very bad privacy because of your new collaborations with whoever pays more to deanonymize users.

Samourai users are the victims of the Samourai scam.
And Wasabi users are the victims of censorship, Wasabi taint scam, and being offered a partnership with blockchain analysis companies deanonymizing those who seek anonymity. You announcing it or not doesn't change what you and your new business partners are doing. 
legendary
Activity: 3402
Merit: 10424
In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply.
You are showing a middle finger to bitcoin's fungibility as a privacy providing tool and are censoring people selectively and you are saying there is no dishonesty there just because you announced what you were doing? What other choice did you have? You couldn't hide the censorship, people would have said something on the internet about how their coins are being blocked by your tool.

You can't seriously claim having any shred of honesty here. Not to mention that whoever is pressuring you to enforce the censorship is surely pressuring you to do a lot more.
legendary
Activity: 2128
Merit: 6871
I didn't mean to put words into your mouth, sorry. I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply. I'm sorry, if you feel this to be an attack, these are factual statements. The truth about Samourai is so disturbing that I'm not sure how to put things more mildly.
Please go ahead and create scam accusation topic in forum about Samourai wallet and post all evidence you gathered how exactly they scam people, then I will review everything.
If I remember correctly zkSNACKs promised privacy and it was proven earlier that it is possible to de-anonymize transactions and identify addresses and people who used Wasabi wallet, now they are blocking addresses and transactions, I wonder what's next.
And yet, you don't see me saying that Wasabi wallet is a scam...

If you don't believe me or don't get it, you can check out how Gregory Maxwell (inventor of coinjoin) and Chris Belcher (inventor of JoinMarket) put it:
I know that Gregory Maxwell and Chris Belcher don't like Samourai wallet, but I don't see them running around shouting SCAM all over the forum.
I am not defending Samourai wallet at all and they may be dishonest, but please stop acting like a child with this anti-advertisement.
Cheers.
member
Activity: 99
Merit: 326
Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.
I never said it's a scam, for saying that you would need to show some proof, and I didn't hear a single case of anyone in forum getting scammed by using Samourai wallet.
Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?

This is a fundamental privacy leak, which just makes the two wallets not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.
I never used Samourai, and I know they have some privacy issues, but at least they are not blocking any addresses from mixing.
Attacking each other in current situation is just waste of time in my opinion.

I didn't mean to put words into your mouth, sorry. I claimed Samourai is a scam, and explained the reason why: it markets itself as a privacy wallet while it has very bad privacy. People who use it are promised privacy, but they don't get it. Samourai users are the victims of the Samourai scam. In contrast, zkSNACKs is not lying about its blacklisting. No dishonesty there, therefore the definition as a scam does not apply. I'm sorry, if you feel this to be an attack, these are factual statements. The truth about Samourai is so disturbing that I'm not sure how to put things more mildly.

If you don't believe me or don't get it, you can check out how Gregory Maxwell (inventor of coinjoin) and Chris Belcher (inventor of JoinMarket) put it:

- https://bitcointalksearch.org/topic/m.51128834
- https://mobile.twitter.com/chris_belcher_/status/1345176372474425348
- https://mobile.twitter.com/chris_belcher_/status/1345176039874564097
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Samourai Wallet by default collects the xpubs of their users (past, present and future financial transactions) thus they provide zero privacy against themselves (and hackers and governments.)
In contrast with Wasabi, wherein to mix, you need to pass the legal-UTXO test? Disgrace. At least in Samourai you can run your own node and avoid handing out your master public key if that's the only problem; you're sure you're having your outputs mixed.

Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?
Beyond that, they're working with chain analysis companies, treating bitcoin as non-fungible while that's the promising point of their project. It's confirmed that they did this voluntarily to protect their operation to make money. Whoever mixes with their coordinator pays for their monitoring. Completely untrustworthy individuals.
legendary
Activity: 2128
Merit: 6871
Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.
I never said it's a scam, for saying that you would need to show some proof, and I didn't hear a single case of anyone in forum getting scammed by using Samourai wallet.
Should I also consider Wasabi wallet to be a scam just because it's ignoring to mix some coins?

This is a fundamental privacy leak, which just makes the two wallets not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.
I never used Samourai, and I know they have some privacy issues, but at least they are not blocking any addresses from mixing.
Attacking each other in current situation is just waste of time in my opinion.
member
Activity: 99
Merit: 326
Sparrow is using Samourai Whirlpool and many bitcoiners who know much more about privacy than me, don't like mixing with Whirlpool.

Yes, because it's a scam. No privacy, just marketing. Whirlpool is not on the same level. Unlike Wasabi or JoinMarket, it isn't trustless. Using them you trust a third party with your privacy.

Samourai Wallet by default collects the xpubs of their users (past, present and future financial transactions) thus they provide zero privacy against themselves (and hackers and governments.) For this they say "use dojo" which is a Bitcoin full node that fixes this network level privacy disaster, however you'll still be mixing with other xpub leakers. If you're the only one who uses a full node, then the links between your inputs and outputs in the mix is trivially deanonymized by exclusion. This is a fundamental privacy leak, which just makes the two wallets not even comparable. However the problems did not end here, I think they can be deanonymized by other means, too, but any discussion comparing the two should.
legendary
Activity: 2128
Merit: 6871
Could the Sparrow wallet be an alternative?
I tested Sparrow wallet few years ago and I wrote more about that in one of my topics from 2020.
I am not sure it can replace Wasabi that was simple plug'n'play wallet, and you need to do some setting up in combination with other tools to make it work.
Sparrow is using Samourai Whirlpool and many bitcoiners who know much more about privacy than me, don't like mixing with Whirlpool.

hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Could the Sparrow wallet be an alternative?
Sparrow includes an implementation of Whirlpool. As far as I know, Whirlpool by Samourai is a way better option, however you need your own node or 'RoninDojo' (a full node) to use it 100% privately.
'Sparrow Whirlpool' is not any different from 'Samourai Whirlpool', as far as I know.

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.
JL0
full member
Activity: 817
Merit: 158
Bitcoin the Digital Gold
Could the Sparrow wallet be an alternative?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
They need more money. They literally do not care what regular users think about them: they introduced blacklisting so that large institutional investors, not plebs, which they call "criminals," can mix their money without fear of being questioned by regulators.
I think this quote that you dug up really puts the nail in the coffin.

I also like your usage of the word 'plebs' ('plebeians' would be more correct as plural - actually plebs refers to the whole group of plebeians as one); quite similarly to the Roman empire, some people always seem to think they're in a sort of 'upper class' as opposed to the 'plebeian working class'. And in this case they deem the working class criminal and fear to be confused with this presumed 'lower class'.

But honestly; if they really wish, let them play with their little UTXO set of 'upper class clean incest coins' and they'll soon realize that it just dramatically reduces the anonymity set they're in and they're cutting themselves off the whole Bitcoin ecosystem. As o_e_l_e_o said, the most stupid thing for 'plebeians' would now be to use the 'patricians' tools and comply with their arbitrary and subjective rules without any real benefit.
legendary
Activity: 2268
Merit: 18492
-snip-
As if working hand-in-hand with blockchain analysis companies wasn't bad enough, it now becomes clear that the whole point they are doing it is so they can get in to bed with centralized entities and make more sweet, sweet profits for themselves.

Just another project to add to the ever growing list of projects which started out so promisingly and then completely sold out all their users and the very principles of bitcoin to make sure they could keep lining their own pockets.

You are insane if you keep using Wasabi at this point.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
It's still not too late for them to undo the damage to their reputation. They have to first publicly apologize then start moving towards making their application truly decentralized by removing coordinators completely by finding a way for users to connect to each other and mix coins P2P. But that also means giving up on the money they were earning!

They need more money. They literally do not care what regular users think about them: they introduced blacklisting so that large institutional investors, not plebs, which they call "criminals," can mix their money without fear of being questioned by regulators.

But one other thing is that: if you, as a CoinJoin coordinator, if you want to work with institutional clients, hedge funds, insurance funds, Michael Saylor, and all these people, well, even if ZKSnacks were not to be regulated, those customers might very well be, maybe because they’re custodians of other people’s money or whatnot. And then these regulated entities can only become users of a coordinator—arguably, I’m not sure—if such a blacklisting is involved. Again, the major feedback that I got from institutionals regarding CoinJoin adoption was, I don’t want to mix with criminals—my compliance team is gonna take me apart on that one. Now, I don’t know if there is an actual concern here or if this is just, again, some preemptive speculative compliance, but arguably there is. So we might see this world where ZKSnacks specifically has a bunch of liquidity from institutionals that are just not comfortable to CoinJoin with another coordinator which has the Anyone can join policy, including criminals.

"I don't want to mix with criminals' dirty money" - says institutional as if their money are always "clean" by default.

legendary
Activity: 3402
Merit: 10424
Seems like Wasabi will die in a few years. It was too good to last forever.
It's still not too late for them to undo the damage to their reputation. They have to first publicly apologize then start moving towards making their application truly decentralized by removing coordinators completely by finding a way for users to connect to each other and mix coins P2P. But that also means giving up on the money they were earning!
newbie
Activity: 26
Merit: 1
Seems like Wasabi will die in a few years. It was too good to last forever.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
If you are telling the coordinators that you want to mix x BTC, the coordinator will know that an output of that same amount belongs to you.

I don't know about input amounts since blockchain is anyway transparent and accessible to everyone, but it definitely makes sense to not share with a coordinator the information that is not visible on the blockchain. For example, you have two outputs in your wallet, one of which came from your verified account on Binance, and the other came from a mixing service such as Chipmixer. These outputs have no connection with each other, except that their private keys were derived from the same seed words. When you register these outputs for a CoinJoin transaction, a coordinator may learn the fact that these outputs are linked to each other, and also he will know that some of Binance customers used a mixing service. A coordinator keeps records of all inputs and hands over this information to a blockchain surveillance firm or law enforcing agencies directly. Another example is when you're merging your coinjoined output with non-coinjoined output or with toxic change. In this case, it also becomes trivial to deanonymize you because by merging with unmixed outputs you make the whole process of mixing worthless.

A spy coordinator could agree to mix coin and end up not providing their signed portion of the transaction.
It is economically irrational to selectively provide services because such a coordinator would be getting less or even no income from fees. If their only goal is to spy on users, it won't be long before everyone finds out this.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Knowing the input amounts is a lot of information to have.
But, the inputs' amounts are already publicly known.
copper member
Activity: 1610
Merit: 1898
Amazon Prime Member #7
If you are telling the coordinators that you want to mix x BTC, the coordinator will know that an output of that same amount belongs to you. A spy coordinator could agree to mix coin and end up not providing their signed portion of the transaction.
But, that would only reveal them my inputs. What I want to obfuscate is my outputs. Therefore, they have to mix with me to find that out. Same goes for Wasabi: Honeypots must have used CoinJoin just to deanonymize those who mix.
Knowing the input amounts is a lot of information to have. There are a very limited number of transactions in each block, and there are only so many transactions of x size (and so many groups of transactions that add up to x size).
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
If you are telling the coordinators that you want to mix x BTC, the coordinator will know that an output of that same amount belongs to you. A spy coordinator could agree to mix coin and end up not providing their signed portion of the transaction.
But, that would only reveal them my inputs. What I want to obfuscate is my outputs. Therefore, they have to mix with me to find that out. Same goes for Wasabi: Honeypots must have used CoinJoin just to deanonymize those who mix.
copper member
Activity: 1610
Merit: 1898
Amazon Prime Member #7
If "everyone" is a "coordinator" you are going to potentially have less privacy because you would need to tell other coordinators your inputs and outputs.
You'd only need to advertise the amount of money you want to mix. Your outputs would be created once you found a user who'd also want to mix their funds. Your inputs and outputs and their inputs and outputs would be known only to you and them. In fact, that sounds better with more people (such as with triangular connections) as the coordinators would just exchange signatures, but there would be none who would know every input's destination, in contrast with Wasabi.
If you are telling the coordinators that you want to mix x BTC, the coordinator will know that an output of that same amount belongs to you. A spy coordinator could agree to mix coin and end up not providing their signed portion of the transaction.

You could also choose a reputable coordinator and do this traditionally, same as with mixers.
The reputation that mixers have tends to be that their customers will actually receive the proper amount of money, not that the mixer actually provides any kind of privacy (even though they advertise they do). It is not possible to know if a mixer keeps logs or not, and it is well documented that transactions can be traced through most mixers (with chip mixer being the exception).
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
If "everyone" is a "coordinator" you are going to potentially have less privacy because you would need to tell other coordinators your inputs and outputs.
You'd only need to advertise the amount of money you want to mix. Your outputs would be created once you found a user who'd also want to mix their funds. Your inputs and outputs and their inputs and outputs would be known only to you and them. In fact, that sounds better with more people (such as with triangular connections) as the coordinators would just exchange signatures, but there would be none who would know every input's destination, in contrast with Wasabi.

You could also choose a reputable coordinator and do this traditionally, same as with mixers.
copper member
Activity: 1610
Merit: 1898
Amazon Prime Member #7
If "everyone" is a "coordinator" you are going to potentially have less privacy because you would need to tell other coordinators your inputs and outputs. I think "spy" coordinators could be used that don't (need to) actually participate in transactions, but say that they will to get the inputs and outputs. Obviously, with the status quo, there is the potential that the centralized coordinators are keeping track of this information.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
So what's the solution here? Every user running their own coordinator, all of which communicate with everyone else's coordinator in a decentralized manner, much like the bitcoin network itself?
It could work, at least to those who're willing to run their own, otherwise we'll fall back into trust problems. Practically, it should be very easy to make it work, and even if you didn't run your own node, and it'd provide you the same level of privacy. (Assuming you're doing everything through Tor)

A coordinator's server implementation could come pre-installed in one of these Bitcoin node OSes as well, to make it easier for the masses. Just as Lightning's peer discovery.
copper member
Activity: 1610
Merit: 1898
Amazon Prime Member #7
If they are willing to ban certain inputs, then it won't be long before they are willing to cooperate with blockchain analysis and de-anonymize transactions altogether. Yet another good entity which has sold out its principles and its users. What a shame.

Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
As you note, it appears that Wasabi transactions can already be tracked by blockchain analysis companies. Most likely, Chainalysis did not need information from Wasabi to trace their transactions -- they only needed to use the service to see how it works.

This will push more people to centralized mixing services.
Ehh, probably not. A centralized mixing service can do the same thing.

Pardon my ignorance — but how hard is it to run such coordinators in a private manner? At the very least private enough for the authorities to have a very hard time in finding you if it's the case that you didn't comply.
Probably very difficult, if not impossible. Even if you are running a tor hidden service, the authorities will attempt to find ways to get your hidden service to leak information about the "real" IP address of your server. Pretty much every darknet site has been shut down this way.

Obviously running a coordinator is not the same as running a darknet site, so law enforcement may not put as much effort into finding the person behind it. But you never know.
legendary
Activity: 2828
Merit: 7315
This is only a small mitigation in my opinion because we will face the same conundrum as we face in something like Electrum (although Electrum isn't privacy oriented).
So what's the solution here? Every user running their own coordinator, all of which communicate with everyone else's coordinator in a decentralized manner, much like the bitcoin network itself?

Alternatively, use a protocol where interaction between users isn't needed. If you're looking for an example, check SNICKER[1-2] or the Mimblewimble protocol.

Samourai Wallet is already unrivaled in transaction privacy, but the default configuration is still subject to network level privacy loss. Hosting your own Dojo allows you to simply bypass our default servers and circumvent these concerns.

So yeah, perhaps this information should be more visible, but they are not actively hiding it.
Honestly, it shouldn't even be an option not to run your own node if this software is supposed to be privacy-first. Their 'default nodes' shouldn't even exist, they should all be taken offline if they're serious about privacy. I have a gut feeling we'll end up with a 'Wasabi situation' sooner or later.

Alternatively, they should implement BIP 157/158 if they wish to support users with very limited resources (mainly internet bandwidth). But currently they don't support it[3].

[1] https://joinmarket.me/blog/blog/snicker/
[2] https://gist.github.com/AdamISZ/2c13fb5819bd469ca318156e2cf25d79
[3] https://www.samouraiwallet.com/bips
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Samourai Wallet is already unrivaled in transaction privacy, but the default configuration is still subject to network level privacy loss. Hosting your own Dojo allows you to simply bypass our default servers and circumvent these concerns.

So yeah, perhaps this information should be more visible, but they are not actively hiding it.
Honestly, it shouldn't even be an option not to run your own node if this software is supposed to be privacy-first. Their 'default nodes' shouldn't even exist, they should all be taken offline if they're serious about privacy. I have a gut feeling we'll end up with a 'Wasabi situation' sooner or later.
legendary
Activity: 2268
Merit: 18492
It's disingenuous though. I mean they sell it as super duper anonymous, while random SPV wallet devs don't.
I agree with you to an extent. Yes, they promote themselves as a privacy wallet, but their website is also pretty clear about the risks you take by not running your own node and the benefits to be gained by doing so. If you go to their website, immediately under the initial blurb about the wallet itself are links to Dojo. The Dojo makes it clear that you are risking privacy if you don't use Dojo:

This is only a small mitigation in my opinion because we will face the same conundrum as we face in something like Electrum (although Electrum isn't privacy oriented).
So what's the solution here? Every user running their own coordinator, all of which communicate with everyone else's coordinator in a decentralized manner, much like the bitcoin network itself?
legendary
Activity: 3402
Merit: 10424
explain how they should mitigate it, and maybe shut down their centralized coordinator altogether to encourage the proliferation of decentralized ones which won't censor transactions. But doing that would mean less money for them, so obviously much better to sell out their users than affect their profits.
This is only a small mitigation in my opinion because we will face the same conundrum as we face in something like Electrum (although Electrum isn't privacy oriented). The [coordinator] servers could simply be honeypots created by centralized deanonymizers that would directly take all the user information making mixing ineffective without needing to censor anything.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.
Which is the case for every wallet in existence. If you aren't connecting to your own full node, then the owner of whichever node you are connecting to will be able to monitor your activity.
It's disingenuous though. I mean they sell it as super duper anonymous, while random SPV wallet devs don't. The ability to use Whirlpool without a full node is extremely misleading and barely better than not mixing at all honestly. It should not be a feature in the first place, in my opinion.
Your UTXO privacy will wholly rely on Samourai not pulling a Wasabi; and with the way they communicate and operate, they don't give me a very trustable feeling honestly. Nothing in particular regarding working with regulators or such, but the general attitude of them and unpoliteness mostly.

I believe a "for-privacy" offchain layer could be a feasible path for preserving fungibility for Bitcoin. Merely a network for handling a high volume of transactions might not be enough. Lightning is a little cumbersome to use. Users can simply trade their coins for faster shitcoins. There has to be some other form of utility for Lightning that users truly need.
Honestly, thanks to Tor trustless instant exchangers, it's easier to get Lightning funds and use them to pay than going onto a trading platform and swapping into and back out of a shitcoin. Lightning is a pretty good way to gain privacy.
legendary
Activity: 2268
Merit: 18492
I know a guy who was called to his local tax office and asked why he hasn't paid his taxes for certain types of services he offered in the past. They had proof of his transactions dating back 2-3 years. They told him he would get fined and maybe incarcerated (depending on the total amount he owes). The dude got so scared that he admitted he did it longer than the period they had proof for. Someone else would have just laughed at the accusations and made up a plausible explanation.
Selling yourself out is one thing. Selling out thousands of users who use your service is another altogether. If Wasabi were actually being sanctioned, then the correct thing to do would be as I explained above - warn people it is going to happen, explain how they should mitigate it, and maybe shut down their centralized coordinator altogether to encourage the proliferation of decentralized ones which won't censor transactions. But doing that would mean less money for them, so obviously much better to sell out their users than affect their profits.

My personal take: if they created Wasabi for the privacy they promised and truly had the intentions and ideas they mentioned they had, they would have been prepared for this moment.  And if they were prepared for this moment, they would have fought and Wasabi would have at least yet not been censored.  At least, not by their own choice of doing so.
Agree 100%. The fact that they capitulated with absolutely zero fight and of their own free will months or even years before they would actually be forced to makes me question their real motives entirely. Because honestly, their behavior is pretty indistinguishable from a honeypot; set up a privacy enhancing service, get lots of people to use it, then in one fell swoop start censoring transactions and cooperating with blockchain analysis companies.

Since you mentioned Fluffypony, I'll share a slide from a presentation he gave:

hero member
Activity: 728
Merit: 1695
Crypto Swap Exchange
But we both know that not everyone acts the same way when put under pressure or if threatened with legal consequences (now or in the future).
Had I created Wasabi, I would have assumed and prepared myself for the moment the government knocks on my door and starts asking questions or threatens me.  In fact, just think about it.  I am kind of sure I will be a target of the government myself JUST for trying to stay private.  I am not even doing anything illegal and I am already looking up ways to protect myself for when my government starts questioning me for trying to get away from CCTV's, fingerprints, smart tech et cetera and have my own corner of privacy.

Wasabi created a privacy wallet that makes a number of coins fungible.  They knew about Chainalysis.  They knew that IRS, FBI or whatever institution that was was going to pay money big time for whoever bypasses CoinJoin and Lightning Network and destroys the privacy these two create.  And this was months to years ago!  Wasabi hundred percent knew what they were doing and that some illegal transactions would get into the mix.  They hundred percent knew pressure would be put on them one day.

This is where I admire Monero's Fluffypony.  When they knocked on his door, he already knew he was a target of the government yet he did not compromise, at least yet, his project like Wasabi did.  This is like committing a crime.  When the cops come to your door, you can not come up with the excuse that you did not know how to react.  You must be prepared, and you must have a Plan B.  Even better if you also have a Plan C and Plan D, just in case the other two fail.

My personal take: if they created Wasabi for the privacy they promised and truly had the intentions and ideas they mentioned they had, they would have been prepared for this moment.  And if they were prepared for this moment, they would have fought and Wasabi would have at least yet not been censored.  At least, not by their own choice of doing so.

-
Regards,
PrivacyG
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
All the more reason for them to fight this. It's not the case that they must do this now or face legal action. They've probably got months if not years before whatever legislation they were threatened with is introduced, debated, amended, passed, and enacted. Plenty of time for them to fight this, mount legal challenges, lobby, campaign, etc. Instead they surrender immediately and sell out their users. Absolutely pathetic and completely untrustworthy.
I agree with you 100%. But we both know that not everyone acts the same way when put under pressure or if threatened with legal consequences (now or in the future). I know a guy who was called to his local tax office and asked why he hasn't paid his taxes for certain types of services he offered in the past. They had proof of his transactions dating back 2-3 years. They told him he would get fined and maybe incarcerated (depending on the total amount he owes). The dude got so scared that he admitted he did it longer than the period they had proof for. Someone else would have just laughed at the accusations and made up a plausible explanation.
legendary
Activity: 2870
Merit: 1794
But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility? Offchain layer with Zero-Knowledge Proofs perhaps? Is that possible?

The best alternative wallet I see is Mercury wallet, which works on a totally different principle of swapping private keys in a secure way; that way fees are much lower and privacy can be much higher.

I don't think regulators will be able to do anything with Mercury wallet, but there are always the good old mixers we all know, or using Lightning Network is a viable alternative.

Instead of creating a bunch of shitcoin projects, developers should focus more on making better privacy for bitcoin, but hey you can't scam people like that and become rich overnight...


I believe a "for-privacy" offchain layer could be a feasible path for preserving fungibility for Bitcoin. Merely a network for handling a high volume of transactions might not be enough. Lightning is a little cumbersome to use. Users can simply trade their coins for faster shitcoins. There has to be some other form of utility for Lightning that users truly need.
legendary
Activity: 2268
Merit: 18492
It could be a combination of both. They want to start censoring transactions now before it gets too late. They have been warned and they are now acting "accordingly" to prevent any future damage or penalties.
So instead they should say "Hey guys, we are going to have to start censoring UTXOs in the future. Take the time now to set up other coordinators or get your coins off Wasabi altogether." This whole "we are just doing what we are told" thing they are trying to cling to is pathetic.

One way to interpret this is that someone told them: Listen here you Wasabi scumbags. You either do what we tell you to do now, or you are going to be sorry you didn't listen when we change the legal framework in the future!
All the more reason for them to fight this. It's not the case that they must do this now or face legal action. They've probably got months if not years before whatever legislation they were threatened with is introduced, debated, amended, passed, and enacted. Plenty of time for them to fight this, mount legal challenges, lobby, campaign, etc. Instead they surrender immediately and sell out their users. Absolutely pathetic and completely untrustworthy.
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
Wasabi are censoring inputs because they want to, and not because they are being forced to. They have moved to the opposite end of the spectrum with a single decision. I cannot understand what they are thinking here. No sane person should ever use Wasabi again.
It could be a combination of both. They want to start censoring transactions now before it gets too late. They have been warned and they are now acting "accordingly" to prevent any future damage or penalties.

The post witcher_sense copied says:
“There are no current regulations on ongoing joint coordinators. However, I’m aware this is going to change in the future.”
One way to interpret this is that someone told them: Listen here you Wasabi scumbags. You either do what we tell you to do now, or you are going to be sorry you didn't listen when we change the legal framework in the future!

They simply gave in...
legendary
Activity: 2268
Merit: 18492
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.
Which is the case for every wallet in existence. If you aren't connecting to your own full node, then the owner of whichever node you are connecting to will be able to monitor your activity. I don't think this is a vulnerability by any means, especially since Samourai are completely transparent about this fact and encourage people to run Dojo themselves. It is more of a trade off between people wanting some privacy but not wanting to run a node, and people wanting much more privacy and therefore running a node themselves.

I was looking for a vulnerability where a user could do everything right and still be deanonymized, as is the case for this Wasabi vulnerability.
legendary
Activity: 3402
Merit: 10424
Wasabi are censoring inputs because they want to, and not because they are being forced to.
Maybe they were forced to do so, which is a lot worse IMO because they kept it silent instead of being transparent about the situation. Who knows what other backdoors they've already introduced or could introduce in the future into their project.

One thing is certain though, this team does not care about bitcoin principles such as privacy and censorship resistance.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
A little bit of expansion on this that I came across today: US government spooks have cracked ‘anonymous’ Bitcoin wallet Wasabi

Seems like if you have any coins in a Wasabi wallet right now then not only do you need to withdraw them before Wasabi decide to start blacklisting them, you'll also need to re-mix them (and do so thoroughly) using a different mixing method.
Here is an interesting video -- How Wasabi was "demixed" by Chainalysis Tongue

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?
How about this?

Unless you're connecting to Whirlpool via RoninDojo, Samourai Wallet devs can deanonymize you because they will know your main wallet xpub, your pre-mix xpub, your post-mix xpub and toxic change xpub.

legendary
Activity: 2268
Merit: 18492
Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
A little bit of expansion on this that I came across today: US government spooks have cracked ‘anonymous’ Bitcoin wallet Wasabi

Seems like if you have any coins in a Wasabi wallet right now then not only do you need to withdraw them before Wasabi decide to start blacklisting them, you'll also need to re-mix them (and do so thoroughly) using a different mixing method.

I'd be interested if anyone can point to any similar flaws or vulnerabilities in Samourai wallet?



And in another development to this story:

However, zkSNACKs co-founder and CEO Bálint Harmat told Bitcoin Magazine that the decision to prevent some users from leveraging Wasabi for their privacy needs was a proactive one as there is no current legislation obliging them to do so.

Wasabi are censoring inputs because they want to, and not because they are being forced to. They have moved to the opposite end of the spectrum with a single decision. I cannot understand what they are thinking here. No sane person should ever use Wasabi again.
legendary
Activity: 2128
Merit: 6871
But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility? Offchain layer with Zero-Knowledge Proofs perhaps? Is that possible?
The best alternative wallet I see is Mercury wallet, which works on a totally different principle of swapping private keys in a secure way; that way fees are much lower and privacy can be much higher.
I don't think regulators will be able to do anything with Mercury wallet, but there are always the good old mixers we all know, or using Lightning Network is a viable alternative.
Instead of creating a bunch of shitcoin projects, developers should focus more on making better privacy for bitcoin, but hey you can't scam people like that and become rich overnight...
hero member
Activity: 728
Merit: 1695
Crypto Swap Exchange
There is no need for Monero, all this can well be done on the bitcoin blockchain itself: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/020026.html
If that is possible, that is even better!

They made the matter even worse after 'explaining'.  People started to identify Bitcoin with illicit activities and actors and it never got censored.  Not directly on the blockchain anyway.  They do it by banning addresses on exchanges and so, they even tried censoring through miners.  Sad thing for them it did not work.  I am aware there are illicit transactions on the blockchain.  Drug deals and all that shit.  But you either have this or nothing.

This is a VERY dangerous model and the more censorship there is on the surface and externally, the more they will try to invade Bitcoin's decentralized and uncensored manner.  I am against illicit activities too.  So?  I am still against censorship.  And I would never accept a version of the Bitcoin blockchain that censors illicit transactions.  Not because I want them to exist, but because this is a precedent.  Give them an inch and they will take miles.

What we do not seem to get is that in order to have our rights taken away, they have to be taken little by little.  This is how you also take away Bitcoin's most important features.  By accepting the censorship of illicit activities, you will end up accepting censoring addresses of known oligarchs too.  Then you get to the point where you just censor whatever they want, just because they can slap a 'suspect of illicit activities' label on the UTXO.  It gets to a never ending cycle.

This Bitcoin thing is either fully uncensored or it has no point in existing.  We already have central banks doing the censoring, seizing and removal of rights for us.  But to say you are censoring because you do not like illicit activities, you either lied all this time about being pro financial freedom or you have no idea how Bitcoin works.  Or, you have to give up due to .. external pressure.  All in all, this entire mess does not help me at all with being paranoid!

-
Regards,
PrivacyG
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
I think the closest thing is Atomic Swaps.  All the other currently existing alternatives are now closed source or honeypots.  Wasabi turned bad, Samourai was weird already.  What is left is using Bisq to enhance privacy or ChipMixer but Bisq is an exchange and ChipMixer is mostly trust based.

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.  Move Bitcoin to Monero and back and you have a new set of coins obtained in a decentralized manner.  How decentralized and open source.. is another discussion but hopefully it exceeds expectations.  Thing is, there is a large market for Bitcoin privacy and fungibility.  I would imagine many would pay big prices to have some privacy over here, so who gets to offer the perfect solution will earn money big time.

-
Regards,
PrivacyG
There is no need for Monero, all this can well be done on the bitcoin blockchain itself: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/020026.html

EDIT:

Wasabi Wallet Parent Company Explains Decision To Censor Bitcoin Transactions

“People started to identify Wasabi with illicit activities and actors, and we wanted to differentiate ourselves from these players in the space,” Harmat said, adding that the route taken on Sunday was zkSNACKs’ solution to enforce it.

“We were always against using [CoinJoin] for illicit activities, and as far as we could see from the news, lots of actors started to take advantage of the software,” Harmat said. “And this created really bad press for us.”

“Wasabi is for people to preserve their privacy, and not for hiding illicit activities,” he added.

“We did our research and really went into the legal details,” Harmat said. “There are no current regulations on ongoing joint coordinators. However, I’m aware this is going to change in the future.”

“We haven’t been thinking about implementing a new user interface for switching the coordinator,” Harmat said, when asked if Wasabi would take proactive steps to ensure a more straightforward way for users to choose a different coordinator. “Obviously the whole project is open, anyone is free to do whatever they want to do with it.”
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed software (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
Wow, thanks for this information! They both always seemed slick looking (website, screenshots), but at the same time gave me a weird gut feeling. Somehow the 'hyped up' attitude of one or both (I don't remember) on Twitter and large claims as well as the 'too nice'(do you know what I mean? Cheesy) websites somehow threw me off a bit. Fortunately I haven't used either so far, so I guess I haven't leaked anything to chain analysis or their servers through these programs.
In the end, the simplest stuff is the best. Full node with electrs, open source thin clients and usage of coin control. Mixing with trusted service if needed or paying stuff through Lightning...

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.
True, atomic swaps are pretty cool. I'm looking forward to seeing what comes out of this development, it seems compelling!
hero member
Activity: 728
Merit: 1695
Crypto Swap Exchange
But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility?
I think the closest thing is Atomic Swaps.  All the other currently existing alternatives are now closed source or honeypots.  Wasabi turned bad, Samourai was weird already.  What is left is using Bisq to enhance privacy or ChipMixer but Bisq is an exchange and ChipMixer is mostly trust based.

I imagine the open source Monero to Bitcoin Atomic Swap mechanism will be very handy for privacy.  Move Bitcoin to Monero and back and you have a new set of coins obtained in a decentralized manner.  How decentralized and open source.. is another discussion but hopefully it exceeds expectations.  Thing is, there is a large market for Bitcoin privacy and fungibility.  I would imagine many would pay big prices to have some privacy over here, so who gets to offer the perfect solution will earn money big time.

-
Regards,
PrivacyG
legendary
Activity: 2828
Merit: 7315
In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed software (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!

There aren't many alternatives though. Besides those two, I could only think of JoinMarket.

I'm not familiar with Wasabi (though I've heard the name before) or coinjoin.  Is Wasabi a centralized wallet, like a web wallet?

Wasabi is a non-custodial wallet. You also have the option to connect Wasabi to your own full node.
legendary
Activity: 2870
Merit: 1794
Quote

The default Wasabi Wallet coordinator will start censoring "illegal" UTXOs


It FAILED to live up to Bitcoin's ethos. But how would developers mitigate this in the next iteration of the "next Wasabi"? Or what other alternatives can be built, using another path, to protect and preserve Bitcoin's fungibility? Offchain layer with Zero-Knowledge Proofs perhaps? Is that possible?

legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed software (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
Samourai Wallet is not a good alternative to Wasabi Wallet and never has been because:
1) Samourai Wallet knows everything about your transactions since all the addresses and public keys go through their server. If you connect to their trusted node, it only gives you a false sense of security and privacy due to the fact that everything is already exposed to their server, and their node does nothing but simply relaying transactions. I think they can easily demix you because they will know your incoming and outgoing transactions. [1]
2) They constantly lie about their wallet being reproducible while in fact, it is not, which was checked and proved many times. In my opinion, if it is not reproducible, it is closed-sourced and probably malicious. [2]
3) Their sockpuppets are attacking Giacomo Zucco just for the fact that when talking about CoinJoin implementations in his famous article regarding privacy, he put Samourai after Wasabi and JoinMarket. Clearly, he should have mentioned it first to not offend and hurt feelings of Samourai developers! [3][4]


[1] https://www.reddit.com/r/Bitcoin/comments/9r9344/comment/e8fm1v8/
[2] https://walletscrutiny.com/android/com.samourai.wallet/
[3] https://t.me/nobullshitbitcoin/2615?comment=14516
[4] https://giacomozucco.com/a-treatise-on-bitcoin-and-privacy-part-1-a-match-made-in-the-whitepaper
legendary
Activity: 3234
Merit: 6706
Proudly Cycling Merits for Foxpup
Thinking realistically — it's not going to stop. And yea, I'm pretty sure it's either due to government intervention or that they're taking extra safety precautions because they expect the government to interfere.
You mean think very, very cynically--and to be honest I'm not even sure at this point what the difference is between being cynical and being realistic, what with all the BS politicians and the media get away with.

I'm not familiar with Wasabi (though I've heard the name before) or coinjoin.  Is Wasabi a centralized wallet, like a web wallet?  And I'm assuming coinjoin is a feature they offer.  In any case, there could indeed be pressure from a government agency or it could just be them being proactive, anticipating that sooner or later they'll fall smack dab in the center of the microscope slide. 

I'm not saying Russia has any grounds for invading Ukraine, but when I watch the news (any news from any station), they're not-so-subtly giving everyone the hint that there's only one way to think about this situation.  And what do you know?  I just saw there's a series from 2019 being promoted (The Last Czar) which is apparently all about Russia's history of autocracy/dictatorship/whatever.  That's got to be a coincidence, I'm sure.
legendary
Activity: 3402
Merit: 10424
Is "Samourai wallet" really the alternative to go to? I remember it also having some controversy. A small one was that it used to send (maybe it still does) user's xpubs to their servers whereas it only needs to send the address(es) that need be updated.
They harassed G. Maxwell for pointing it out too ref
They've apparently harassed others too ref.

In any case I believe both Wasabi and Samourai wallets are unpopular and unreviewed software (despite what it may look like from their community). They both have some degree of shadiness which is not something you want in a privacy oriented software!
hero member
Activity: 728
Merit: 1695
Crypto Swap Exchange
nopara73 has just admitted they would hire a blockchain surveillance company to analyze every single UTXO that joins to participate in a CoinJoin transaction.


Wow, excuse my language but what the actual fuck.  I hope they are going broke now, because this is crazy and this is one reason we never have peace from governments.  Because of these suckers who would rather continue earning money by bending knees than continue to support the ideas Wasabi was created out of.

I specifically used Wasabi to AVOID blockchain analysis companies messing up with my stuff.  Why the hell would I ever use Wasabi again when I know using it means literally being part of an analysis from now on?

Fuck that.  This is why we need a hundred-percent decentralized and open source mechanism of mixing.  I keep seeing suggestions for Samourai's Whirlpool, but is it better than Wasabi really or could it be yet another honeypot?

-
Regards,
PrivacyG
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.

They have an AppImage which should bundle all dependencies (including Java). But what's your problem with Java? If you don't want to install closed source software, you could install OpenJDK.
Honestly, a few things. Besides me not liking the language and the program running in a VM instead of bare-metal being less efficient, whenever I started using programs that depended on Java in the past, it ended up in disaster. Some programs required different versions than others, then some versions interfered with each other; uninstalling Java also didn't go cleanly all the time - this sort of stuff.
But I'll try the 'AppImage' then. Thanks!
legendary
Activity: 2828
Merit: 7315
I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.

They have an AppImage which should bundle all dependencies (including Java). But what's your problem with Java? If you don't want to install closed source software, you could install OpenJDK.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in.
I think he decided to disappear after he found out that Gavin Andresen was invited by the CIA to discuss Bitcoin. Satoshi was in contact with Gavin and they discussed the protocol until Gavin told him he is meeting up with the CIA. That's when all the communication between the two stopped. Gavin mentioned that somewhere. The negative spotlight that was put on Bitcoin due to the Silk Road marketplace was also a factor. 
That's very interesting insight, thanks! Definitely makes sense.

Everyone should be uninstalling Wasabi now. You'd be an idiot not to. In other news, 30% off all Samourai whirlpool fees for the next week using the code WASABI_REFUGEES.

I was going to complain that Samourai Wallet is only available for Android, then I found out Whirlpool is separate software and available on Desktop.
I always had the same issue with it (I prefer desktop software), but Whirlpool for the desktop requires you to install Java, which I'm not particularly fond of. They should maybe package it with the binary or something like that; for now I'll give it a pass.
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
Another one bites the dust!

In that list of illegal activities, there is no mention of mixing your coins with ChipMixer and then performing CoinJoins with Wasabi. But since they are now cooperating with anal alpinist, I mean blockchain analysis companies, it's better to abandon the service and look for alternative solutions.

I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in.
I think he decided to disappear after he found out that Gavin Andresen was invited by the CIA to discuss Bitcoin. Satoshi was in contact with Gavin and they discussed the protocol until Gavin told him he is meeting up with the CIA. That's when all the communication between the two stopped. Gavin mentioned that somewhere. The negative spotlight that was put on Bitcoin due to the Silk Road marketplace was also a factor. 
legendary
Activity: 3402
Merit: 10424
Developers of privacy-enhancing tools should not even mention anti-privacy companies let alone hire them! They're essentially funding the enemy of privacy. Who knows what else they are doing.

On some serious note, have any experts actually checked Wasabi source code and the implementation of CoinJoin in the past? Or are people just trusting the popularity and having the source without reading it?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
And all this with a webpage like that:

nopara73 has just admitted they would hire a blockchain surveillance company to analyze every single UTXO that joins to participate in a CoinJoin transaction.



https://t.me/WasabiWallet/63992
legendary
Activity: 3612
Merit: 8904
https://bpip.org
"anal company" sounds about right. Lovely that he's calling it censorship and making it sound like there is no other way. Spread your cheeks comrades.

Or just don't use Wasabi.
legendary
Activity: 2268
Merit: 18492
-snip-
Wow. This is horrendous. Wasabi actively paying blockchain analysis companies. That's definitely where I want my coinjoin fees to be going - straight to a blockchain analysis company. I love paying other people to spy on me. Roll Eyes

Everyone should be uninstalling Wasabi now. You'd be an idiot not to. In other news, 30% off all Samourai whirlpool fees for the next week using the code WASABI_REFUGEES.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
Well, they only need to cooperate in this sense to have the blockchain analysis entity feed them data about which UTXO's to block. But as I said, if they cooperate like this then it won't be long before that cooperation becomes a two way street, with them feeding data back to the blockchain analysis entity.
nopara73 has just admitted they would hire a blockchain surveillance company to analyze every single UTXO that joins to participate in a CoinJoin transaction.



https://t.me/WasabiWallet/63992

I've heard of that wallet before, but does anyone know how often the CoinJoin process happens? Waiting a few days for a single CoinJoin isn't practical.
I don't know much about this coordinator, but I know that the maximum anonset per round is 6 whereas in default Wasabi coordinator you can achieve an anonset of 100.

Here is an old tweet with screenshots: https://twitter.com/HillebrandMax/status/1303034788920668161

legendary
Activity: 2128
Merit: 6871
Here is a fork of Wasabi Wallet called https://chaincase.app/, which is available on iOS and which is running its own coordinator.
I never heard about this fork and I am checking it out now, but the real bad thing is having a wallet that only works on iOS devices :/
Desktop version is probably more complicated to make, but I don't know why there is no Android version, this is just a fork after all, how hard can it be.
I am sure originally Wasabi wallet will still work fine with some tweaks, but this could sadly mean much less volume and much less privacy.

legendary
Activity: 2268
Merit: 18492
Pardon my ignorance — but how hard is it to run such coordinators in a private manner? At the very least private enough for the authorities to have a very hard time in finding you if it's the case that you didn't comply.
Depends how private you want to be I guess. No reason you can't run a server over Tor and make all users connect to it over Tor as well, though. Or there is the decentralized option which pooya87 outlined where everyone becomes their own server, so to speak.

In fact, they need to cooperate with blockchain analysis to obtain information about "taint" UTXOs.
Well, they only need to cooperate in this sense to have the blockchain analysis entity feed them data about which UTXO's to block. But as I said, if they cooperate like this then it won't be long before that cooperation becomes a two way street, with them feeding data back to the blockchain analysis entity.

I know such an option exists, but last time I checked,
1. You need to use the terminal to change the coordinator. It's not user-friendly and most users don't know such a feature exists.
2. The documentation never states you can use a different coordinator.

I feel it's meant for debugging/advanced users rather than an additional feature for all users, due to the reasons I mentioned above.
All the more reason Wasabi should do things differently here. Rather than saying "We will block UTXOs, suck it up and deal with it", they should have said "We are being forced to block UTXOs against our will. As a result, here is a link to the zkSNACKs coordinator source code, here is a guide on how to set one up, we are putting a new menu into Wasabi wallet to let you easily choose a different coordinator, we are starting development on decentralized coordinators, etc."
legendary
Activity: 2828
Merit: 7315
--snip--
In other words if Wasabi team were so worried about providing users with a privacy enhancing method, instead of "bending the knee" they should have eliminated the need for a centralized server.

It would be great if it's possible. But I doubt it's an easy task, especially with a large number of participants.

If they really hate it, at least they should give users the option to use a different coordinator. I expect someone will try to run their own coordinator.
Actually, there has always been an option in Wasabi Wallet to connect to your own or any other existing coordinator to be less reliant on the Wasabi team that runs the biggest coordinator. Yeah, the reason most people have been using zkSNACKs coordinator is that it is the most popular one. The more popular the coordinator is, the bigger crowd it attracts. The bigger the crowd is, the easier it is to obfuscate your transactions and harder to attack the wallet with Sybil attacks.

I know such an option exists, but last time I checked,
1. You need to use the terminal to change the coordinator. It's not user-friendly and most users don't know such a feature exists.
2. The documentation never states you can use a different coordinator.

I feel it's meant for debugging/advanced users rather than an additional feature for all users, due to the reasons I mentioned above.

Here is a fork of Wasabi Wallet called https://chaincase.app/, which is available on iOS and which is running its own coordinator. You can connect your Wasabi Wallet to this coordinator using the following method: https://github.com/chaincase-app/chaincase/discussions/119

I've heard of that wallet before, but does anyone know how often the CoinJoin process happens? Waiting a few days for a single CoinJoin isn't practical.
legendary
Activity: 2758
Merit: 3407
Join the world-leading crypto sportsbook NOW!
Things like this should definitely be expected to come at some point if you think realistically. But yea — kinda earlier than expected, but at the same time I think we already saw mixers get pursued by the authorities so I guess I'm not THAT surprised.

Anyway, wish some devs would just fork the privacy coinjoin stuff and integrate it to Bitcoin Core; if it's possible, that is.

Yeah, I think you, I and anyone paying attention will probably have to expect the worst when it comes to mixers (and I'm sure you guys all know what I'm talking about), and we'd probably have to expect it sooner rather than later. The only hopeful thing I can see is that some mixers still operate a little less visibly than the likes of Wasabi. And, in acknowledgment of above discussions on commercial/profiteering interest, some still choose to operate with clearer goals that would not see them give in to regulator pressure without a fight.
legendary
Activity: 3402
Merit: 10424
It's not profitable for them to develop or run a decentralized server since in this case they wouldn't collect any fees.
Sadly this has been a plague that the cryptocurrency world has been suffering from. Developers who want to ensure a way to make money from the "open source" project they are producing. We have altcoins that premine, run ICO fundraising,... we have DEXes that are centralized because the developer wants to earn money from fees, ... and now we have a mixer that wants to make money and is censoring transactions!

It's kinda philosophical but I strongly believe one of the reasons why Bitcoin is so successful is that Satoshi didn't create it to make money. Conversely one of the reasons why so many altcoins failed or are failing is because they did the opposite.
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
If they really hate it, at least they should give users the option to use a different coordinator. I expect someone will try to run their own coordinator.
Actually, there has always been an option in Wasabi Wallet to connect to your own or any other existing coordinator to be less reliant on the Wasabi team that runs the biggest coordinator. Yeah, the reason most people have been using zkSNACKs coordinator is that it is the most popular one. The more popular the coordinator is, the bigger crowd it attracts. The bigger the crowd is, the easier it is to obfuscate your transactions and harder to attack the wallet with Sybil attacks.

Here is a fork of Wasabi Wallet called https://chaincase.app/, which is available on iOS and which is running its own coordinator. You can connect your Wasabi Wallet to this coordinator using the following method: https://github.com/chaincase-app/chaincase/discussions/119

What is interesting about this is that you can participate in CoinJoin transactions with amounts as little as 0.01BTC.

In other words if Wasabi team were so worried about providing users with a privacy enhancing method, instead of "bending the knee" they should have eliminated the need for a centralized server.
It's not profitable for them to develop or run a decentralized server since in this case they wouldn't collect any fees.


If they are willing to ban certain inputs, then it won't be long before they are willing to cooperate with blockchain analysis and de-anonymize transactions altogether. Yet another good entity which has sold out its principles and its users. What a shame.

In fact, they need to cooperate with blockchain analysis to obtain information about "taint" UTXOs.
legendary
Activity: 3402
Merit: 10424
If they really hate it, at least they should give users the option to use a different coordinator. I expect someone will try to run their own coordinator.
I tend to not comment on technologies I'm not familiar with but I believe that in CoinJoin protocol using a centralized coordinator is only one of the ways of doing things (the easiest way). There is another way that doesn't introduce this single point of failure.

Quote from: gmaxwell link=topic=279249.msg2983902#msg2983902
Does the totally private version need to have a server at all? What if it gets shut down?

No. The same privacy can be achieved in a decentralized manner where all users act as blind-signing servers. This ends up needing n^2 signatures, and distributed systems are generally a lot harder to create.  I don't know if there is, or ever would be, a reason to bother with a fully distributed version with full privacy, but it's certainly possible.

In other words if Wasabi team were so worried about providing users with a privacy enhancing method, instead of "bending the knee" they should have eliminated the need for a centralized server.
mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
Absolutely. The coordinator code is open source, so anyone can download it and spin up their own instance. That would solve the immediate problem if everyone switched to a different coordinator, but it doesn't stop these other coordinators being pressured in to implementing the same restrictions and it doesn't change the fact that Wasabi did this in the first place instead of fighting against it.

Pardon my ignorance — but how hard is it to run such coordinators in a private manner? At the very least private enough for the authorities to have a very hard time in finding you if it's the case that you didn't comply.
legendary
Activity: 2268
Merit: 18492
Just as Samourai were right on the money a few weeks ago when they tweeted about AOPP, they are right on the money again with their tweets regarding this nonsense from Wasabi: https://nitter.net/SamouraiWallet/status/1503389170672226308

Would it be possible for some to start running coordinators?
Absolutely. The coordinator code is open source, so anyone can download it and spin up their own instance. That would solve the immediate problem if everyone switched to a different coordinator, but it doesn't stop these other coordinators being pressured in to implementing the same restrictions and it doesn't change the fact that Wasabi did this in the first place instead of fighting against it.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
According to this tweet, they "are trying to protect the company and the project by minimizing the amount of these hackers and scammers using the coordinator and getting us in trouble. This should be in the rights of the company to do but believe me, none of us are happy about this."
They should protect the company, but what's the point if they don't protect the users? This is serious and requires drastic measures. Would it be possible for some to start running coordinators? I believe there could be few from each community willing to run their own. No?
sr. member
Activity: 856
Merit: 422
legendary
Activity: 3612
Merit: 8904
https://bpip.org
I used Wasabi a few times thinking it would be easier than JoinMarket... and maybe it is but that doesn't outweigh the disadvantages like minimum amounts and exorbitant fees. And JoinMarket effort is mainly just a one-time setup thing and it's reasonably safe for my purposes if used with Tor.

3, 4. Maybe Joinmarket, although if this is a precedent then expect Whirlpool and Joinmarket to join the censorship.

JoinMarket nodes decide to sign or not to sign the TX so I don't think this type of censorship would work.

If they are willing to ban certain inputs, then it won't be long before they are willing to cooperate with blockchain analysis and de-anonymize transactions altogether. Yet another good entity which has sold out its principles and its users. What a shame.

Yeah especially if they get subpoenaed. Their TOS doesn't seem to say that they don't keep logs.
legendary
Activity: 2128
Merit: 6871
Hmmm just when I started testing new Wasabi 2.0 testnet version  Tongue
First we had voting for ban of proof-of-work in European Parliament and now this news concerning Wasabi wallet and zkSNACKs coordinator.
They are obviously pushing hard on all fronts and regular users don't even know how to react to all these changes related to bitcoin regulations.
I think this could move people away from Wasabi to something that I tested last year and I think it's a superior privacy project called Mercury wallet.
More information can be found in Mercury wallet topic:
https://bitcointalksearch.org/topic/mercury-wallet-mercury-layer-privacy-for-bitcoin-5334221
legendary
Activity: 2268
Merit: 18492
I haven't used Wasabi for a while, but I won't be using it again.

If they are willing to ban certain inputs, then it won't be long before they are willing to cooperate with blockchain analysis and de-anonymize transactions altogether. Yet another good entity which has sold out its principles and its users. What a shame.

Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.

mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
It definitely had to come from somewhere, external pressure, etc. As long as the devs are known, and their tech (in this case CJ) is used for activity enforcement's come to know of, they're going to have to comply (or face some very unsavoury penalty to be sure).

MetaMask I expected, not Wasabi so soon but yeah, probably naive to think that they could have gone on without getting tapped. Sucks ass, but we're going to have to increase the threshold for our worse expectations.

Things like this should definitely be expected to come at some point if you think realistically. But yea — kinda earlier than expected, but at the same time I think we already saw mixers get pursued by the authorities so I guess I'm not THAT surprised.

Anyway, wish some devs would just fork the privacy coinjoin stuff and integrate it to Bitcoin Core; if it's possible, that is.
legendary
Activity: 2758
Merit: 3407
Join the world-leading crypto sportsbook NOW!
So where is this censorship going to stop? Are they going to say we are no longer accepting users from country A, B, C, D? Or claim the government ordered them to censor a list of addresses?

Thinking realistically — it's not going to stop. And yea, I'm pretty sure it's either due to government intervention or that they're taking extra safety precautions because they expect the government to interfere. It totally sucks, but I really don't blame them for the decision.

It definitely had to come from somewhere, external pressure, etc. As long as the devs are known, and their tech (in this case CJ) is used for activity enforcement's come to know of, they're going to have to comply (or face some very unsavoury penalty to be sure).

MetaMask I expected, not Wasabi so soon but yeah, probably naive to think that they could have gone on without getting tapped. Sucks ass, but we're going to have to increase the threshold for our worse expectations.
mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
The precedent is set: bitcoin wallet developers and providers now get to decide which transactions are accepted in their wallet and which are not. Bitcoin is not fungible anymore, even on a non-custodial wallet's level.

That's probably too much of a stretch. I mean, there's a reason why it's heavily recommended for people to run their own full nodes. You've worded it as if "it's over" with bitcoin lol.
hero member
Activity: 728
Merit: 1695
Crypto Swap Exchange
Wow, this sucks. It confirms previous fears of mine that if they cannot censor Bitcoin directly, they will try to do it by strictly censoring exchanges, ATMs, wallets et cetera. If and when Bitcoin gets a fully working, user-friendly and fully decentralized Atomic Swap mechanism with Monero, this problem will be gone as it allows you to get to privacy immediately without having to rely on trust or censored coordinators. That is unless GitHub gets censored too..

Anyway, what options do users, who want their transactions coinjoined with Wasabi Wallet, actually have?

1) Should they use other mixing solutions like centralized mixers before sending their funds to Wasabi Wallet?
2) Should they create a sufficient number of hops artificially before sending funds to Wasabi Wallet?
3) Should they start looking for, or building their own, custom, more decentralized, coordinators?
4) Maybe they should switch for other CoinJoin implementations like Whirlpool or Joinmarket and forget about using Wasabi Wallet?
1. If 'illegal' UTXOs are banned, then we can safely assume coins coming out of mixers will be banned as well.
2. This seems to be the best option.  I think Samourai already has this option of generating artificial hops?  I highly doubt an 'illegal' UTXO that has been through 20-30 hops would still be banned.  That is, unless they decide to ban a UTXO and include any future address they may end up at into the ban.  This is however unrealistic, the number of non banned UTXOs will very quickly shrink to zero.
3, 4. Maybe Joinmarket, although if this is a precedent then expect Whirlpool and Joinmarket to join the censorship.

-
Regards,
PrivacyG
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
that they're taking extra safety precautions because they expect the government to interfere.
According to this tweet, they "are trying to protect the company and the project by minimizing the amount of these hackers and scammers using the coordinator and getting us in trouble. This should be in the rights of the company to do but believe me, none of us are happy about this."

Perhaps they are afraid that Russian oligarchs will try to circumvent sanctions by obfuscating their transactions with Wasabi Wallet CoinJoins?

Anyway, what options do users, who want their transactions coinjoined with Wasabi Wallet, actually have?

1) Should they use other mixing solutions like centralized mixers before sending their funds to Wasabi?
2) Should they create a sufficient number of hops artificially before sending funds to Wasabi?
3) Should they start looking for, or building their own, custom, more decentralized, coordinators?
4) Maybe they should switch for other CoinJoin implementations like Whirlpool or Joinmarket and forget about using Wasabi Wallet?

The precedent is set: bitcoin wallet developers and providers now get to decide which transactions are accepted in their wallet and which are not. Bitcoin is not fungible anymore, even on a non-custodial wallet's level.
legendary
Activity: 3402
Merit: 10424
It is sad, but it's either you cooperate or you get shut down; or worse, you get put to jail.
There is always a third option which is full decentralization and full transparency.
Unless the dev lives in a traditional dictatorship (instead of the modern dictatorship) they can always be transparent about everything including if the government has put any pressure on them to change any part of the open source code they've released and also being open source and decentralized, any such change would be found out immediately.
mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in.
Yes. To be fair with Wasabi/zkSNACKs though, they never claimed to be decentralized in the first place, no? Their software is just non-custodial.

It's sad, since I like to give developers the benefit of the doubt that they don't want to play along.
It is sad, but it's either you cooperate or you get shut down; or worse, you get put to jail.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
So where is this censorship going to stop? Are they going to say we are no longer accepting users from country A, B, C, D? Or claim the government ordered them to censor a list of addresses?

Thinking realistically — it's not going to stop. And yea, I'm pretty sure it's either due to government intervention or that they're taking extra safety precautions because they expect the government to interfere. It totally sucks, but I really don't blame them for the decision.
I think that's one of the reasons Satoshi actually disappeared. If you've got a centralized team, no matter how decentralized your software is, governments will have a weak spot to put pressure on and they'll sooner or later have to cave in. It's sad, since I like to give developers the benefit of the doubt that they don't want to play along.
mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
So where is this censorship going to stop? Are they going to say we are no longer accepting users from country A, B, C, D? Or claim the government ordered them to censor a list of addresses?

Thinking realistically — it's not going to stop. And yea, I'm pretty sure it's either due to government intervention or that they're taking extra safety precautions because they expect the government to interfere. It totally sucks, but I really don't blame them for the decision.
legendary
Activity: 3402
Merit: 10424
This is exactly why I always complain whenever I see even a small trace of centralization (mainly about DEX and the fact that there is a central server involved in it somewhere).

So where is this censorship going to stop? Are they going to say we are no longer accepting users from country A, B, C, D? Or claim the government ordered them to censor a list of addresses?
legendary
Activity: 2254
Merit: 4260
🔐BitcoinMessage.Tools🔑
The tweet: https://twitter.com/wasabiwallet/status/1503091503207432193



Essentially, they will start refusing UTXOs associated with illegal activities, preventing them from participating in CoinJoin transactions. The list of what they are considering illegal can be found here: https://twitter.com/ODELL/status/1503141547071754242

It is not clear how they will determine if certain UTXOs are illegal or not, but it all definitely can be called an attack on fungibility and privacy. If this news is true, the default coordinator run by zkSNACKs company is no longer a reliable solution to coinjoin your transactions.

