I remember reading that report thoroughly at the time it was shared. I agree that the structure that ChipMixer used, and the similar structure that Whirlwind is now using, meant that they can't be broken in the same way as traditional mixers exactly for the reasons whirlwindmoney has given above. By allowing users to deposit different amounts to different addresses at different times, to combine and split these amounts freely, to do so over any period of time desired, and then to withdraw any amount of coins from their vouchers/notes, it becomes impossible to track inputs and outputs in the same way this report does. Of course users can still make mistakes such as combining mixed and unmixed UTXOs, but the service itself is not at fault in such cases.
My feeling would be that the fast option would potentially be breakable in the same way that every other mixer is, but notes would not be breakable in the same way that ChipMixer wasn't.
And of course if things get as far as blinded certificates, then it becomes provably impossible to link deposits and withdrawals via blockchain analysis, since certificate issuing, trading, spending, and redeeming all happen off chain and Whirlpool are blinded to the individual certificates.
If we didn't have the Notes then I agree, Fast mode would have the same disadvantages as any other mixer. But since outputs from Notes and Fast look exactly the same there is no way for any outside observer to know which mode you used. So Fast mode is as secure as the Notes from a privacy set standpoint. I would still recommend using Notes regardless because they offer the end-user full control over the process.
I'll ask again: If you have access to the backup where the seeds of all signers are stored, finally total control comes down to you. Did I understand correctly? If I didn't, please enlighten me, because it seems I didn't get it then.
Yes you understood correctly, I have total control. I explained in previous messages that the multi-sig's purpose is to protect against external attackers, not against myself.
Considering the recent situation with ChipMixer, I think this is definitely a valid question.
Rather than asking a few questions about user privacy, I will ask another kind of question.
What preventative measures have you taken to protect yourself from arrest and federal government seizure of website assets (i.e., how do you plan to avoid ChipMixer's fate)?
It sure is a valid question and I understand the concern, I'll share my view on this issue. As I said since before I even launched the service, I am hoping for the best while preparing for the worst.
I could give more technical details about our security, but all I will say for now is that we took the most extreme security precautions possible. Our "hot wallet" is a 3/3 multi-sig with one of the signers being a physical server, so funds are safe. The infrastructure looks like a mini blockchain (with only 3 validators or signers which are all run by us for now), so even if the frontend or backend servers would get hacked, no funds could be stolen since faking guarantee letters using the backend server doesn't do anything as the signers would also have to verify. It's complicated, but like I said before, if I find willing trusted members to run signers with us I am willing to do it.
Having said all of the above, as far as I'm concerned I am not doing anything illegal. I don't encourage illegal activity and will never promote the service on the darknet or for any illegal purposes, I'm a simple provider of privacy services. There are no statistics regarding % of CEX funds coming from illicit sources so we can't compare to what we know about mixers, but my guess is that the number is very similar if not higher for centralized exchanges. There are bad actors in every industry, you can't just shut down all businesses of one type because of a few bad apples. If the service will start to get seriously abused by bad actors and big pressure will be put on us then I'd much rather shut down the service early and honorably than put users' funds and privacy at risk, but for now I still believe there has to be a way to run everything legally. This is not because I don't believe Bitcoin is fungible or anything of this sort, but regardless if the service gets seized or sanctioned, the end result is the same as in it can't really be used anymore, so everyone loses. Having great security is a must, but relying on this by itself doesn't generate any value for the long term. I'd much rather try to find a way in which everyone is happy, or at the very least not too unhappy, while users enjoy full privacy. This is what they pay for and nothing less is acceptable.
I also want to emphasize that I have not committed any crimes while creating Whirlwind, for example identity theft.
Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion.