Topic: Ultimate Bitcoin Privacy - Discussion - page 3. (Read 1648 times)

I'd suggest when selecting trusted members of the community to act as additional signers, those members reside in regions that:

a) aren't openly hostile to Bitcoin,
b) aren't aligned with US/EU interests and
c) aren't all in the same place  

That alone will make it more resilient to takedown.  It's not just about trusting the individuals, it's about what their respective governments might do.

Thank you for your responses, hope you don't mind if I ask you some deep questions:
1. Do you do something or plan to do something to prevent abuse of your service? I mean to minimize it cause nothing is totally preventable. There are people who care about their privacy and there are people who want to do illegal things, do you have a plan to make your service unlikeable for the people who do illegal things? To get rid of them. Do you think are there any measurements that you can take while keep your service functional for people who care about their privacy?
I know this question can sound strange but it's still an interesting one. More likely I mean, you may be able to get list of addresses that are known to be found in illegal activities and you may include these addresses in your blacklist to not be able to use your service.

2. I think, you understand that doesn't matter how trusted someone is on this forum, there is a chance that any signer can actually be a spy. By the way, what do you think, what's the number of signers that can make you feel safe and get rid of cooperation to steal money? Definitely 3/3 or 7/7 won't work, you need something like 2/3 or 5/7 at least. I think this is a huge challenge.

So, as far as I've understood (without giving much emphasis on the details), whirlwind is a mixer that knows the input, but doesn't know the output (i.e., I send 0.01 BTC, but they don't know which 0.01 BTC output I will spend). Is that correct?

I have some questions:

• First of all, what's your setup, as NotATether said? ChipMixer was proved to have poor setup, and even if your service isn't prone to failure due to centralization, your absence would lead to the corruption of the service (at least now that it's brand new).
• How do you plan to select anonymous trustworthy members?
• Who grants us that the authorities will not try to shut down the federation? AFAIK, from what I've read, the trustworthy members will only protect the users in case whirlwind is shutdown, and it protects their privacy using blinded certificates, but it doesn't grant that the service will continue being online after whirlwind (the user) disappears.

Very interesting implementation, I hope it goes well.

That's a good point, and one I did not consider. For an external observer using blockchain analysis, then a fast mix appears identical to someone using notes. They can see the deposit being made, but since they don't know if the user is using fast or notes, they are unable to reach any conclusions about the time frame of when the withdrawal will be made or how much will be withdrawn. Both fast and notes users benefit from being in the larger anonymity set provided by the other type of user, and having the different process help to obfuscate what is happening.

The way you are trying to involve individuals from the community  and keep talking about community in the main operations with the multi signature addresses and things, I wonder what the three letter agency will feel about it when they will target your project. If you become bigger then today or tomorrow they will come after you and the people with you working in the managerial level holding the keys.

If they get the false sense of understanding that the mixer is running by bitcointalk community then immediately they will come after bitcointalk and destroy it.

If we didn't have the Notes then I agree, Fast mode would have the same disadvantages as any other mixer. But since outputs from Notes and Fast look exactly the same there is no way for any outside observer to know which mode you used. So Fast mode is as secure as the Notes from a privacy set standpoint. I would still recommend using Notes regardless because they offer the end-user full control over the process.

Yes you understood correctly, I have total control. I explained in previous messages that the multi-sig's purpose is to protect against external attackers, not against myself.

It sure is a valid question and I understand the concern, I'll share my view on this issue. As I said since before I even launched the service, I am hoping for the best while preparing for the worst.

I also want to emphasize that I have not commited any crimes while creating Whirlwind, for example identity theft.

Even though I don't believe I have anything to worry about, I'd still prefer to add more signers to the multi-sig so I don't have full control anymore. This would make it safer for everyone, I really do not like the fact that users have to trust me. For now this is the only option though, and I will not take any steps in this direction unless I am 100% sure it's done in a safe way. The community would also have to agree with the plan before I set it in motion

Considering the recent situation with Chipmixer, I think this is definitely a valid question.

I'll ask again: If you have access to the backup where the seeds of all signers are stored, finally total control comes down to you. Did I understand correctly? If I didn't, please enlighten me cause seems I didn't get it then.

That's kinda strange question, if he says that he does in order to save himself from the claws of government, would it make sense in terms of security?
By the way, another question that I have, is, why does someone want to create a mixer when this happened to chipmixer? Or why does any of them want to continue to operate? When you enter the ocean, you enter the food chain.

If I would not be mistaken Chipmixer was the biggest Mixing company in the community, until it demised and presently whirlwindmoney has taken over that Chipmixer's position in the community. Well you can't give an inductive reasoning on whirlwindmoney and Chipmixer, I am not saying that you should trust them but where (the root of launching) the mixer is entirely different from Chipmixer therefore they have different operations and managers.


Really this is my first time of hearing this blind certificate, if the transactions are anonymity to the public then they can make the whole system anonymous to every users for fair transactions. In any system trust is the most important thing to keep. I will want whirlwindmoney to be transparent in all their dealings with their customers and both in the community and in the site.

Rather than asking a few questions about user privacy, I will ask another kind of question.

What preventative measures have you taken to protect yourself from arrest and federal government seizure of website assets (i.e: how do you plan to avoid Cipmixer's fate)?

I remember reading that report thoroughly at the time it was shared. I agree that the structure that ChipMixer used, and the similar structure that Whirlwind is now using, meant that they can't be broken in the same way as traditional mixers exactly for the reasons whirlwindmoney has given above. By allowing users to deposit different amounts to different addresses at different times, to combine and split these amounts freely, to do so over any period of time desired, and then to withdraw any amount of coins from their vouchers/notes, it becomes impossible to track inputs and outputs in the same way this report does. Of course users can still make mistakes such as combining mixed and unmixed UTXOs, but the service itself is not at fault in such cases.

My feeling would be that the fast option would potentially be breakable in the same way that every other mixer is, but notes would not be breakable in the same way that ChipMixer wasn't.

And of course if things get as far as blinded certificates, then it becomes provably impossible to link deposits and withdrawals via blockchain analysis, since certificate issuing, trading, spending, and redeeming, all happens off chain and Whirlpool are blinded to the individual certificates.

I went through his report and altough I'm sure we already fixed the issues outlined by him, I will still try to get him to do a paid review for your confirmation.

Coinmixer.se (the service used as example in the report) works like most mixers on the market today, and they all have the same big issues in common:
1.Maximum delay time is limited
2.Maximum amount of output addresses is limited
3.No option to have higher outputs than inputs
4.Use of mixing codes

These issues make it possible for anyone to perform blockchain analysis with relative ease. The privacy set (number of deposits your output transaction could have originated from) which is the most important figure in my opinion, is reduced to only the transactions that were performed during the time limits imposed by the "maximum delay". And since you also know the maximum number of output transactions each deposit has, it's not that difficult to deanonymize it.

We solve all these issues by introducing the Note mechanism. Let's see how the above issues apply to Whirlwind:
1.Maximum delay time is unlimited
2.Maximum amount of output addresses is unlimited
3.Outputs can be higher than inputs (combine Notes)
4.We don't use mixing codes

Since the user has the option to deposit and withdraw whenever he likes and we don't impose a limit, blockchain analysis becomes useless. In the case of coinmixer.se it's written in the report that they had about ~1000 deposit transactions a week. If we assume we'll have the same, then the privacy set of Whirlwind will grow by 1000 every week.

After 10 weeks every output transaction could originate from any of the 10,000 deposits into Whirlwind, and this figure will only grow as time goes on. With other mixers it doesen't matter how many deposits they have in total, the privacy set doesen't increase.

The use of mixing codes by a service confirms that the privacy set is very weak and introduces other risks since it can link your transactions. If a mixer does what it's supposed to do, it shouldn't matter if you get 'your own coins' back because anyone that ever used the service could have withdrawn those coins.

 Since you are open to hearing opinions, I hope you will visit this link ----> Breaking Mixing Services



Contact him, and if he accepts to give a paid review, I think that this will contribute a lot to gaining trust in your mixer service (at least for some here)

How is it misinformation if it is implemented?

I suggest you read some of the earlier messages here to understand the purpose of the multi-sig

I'm here for any questions if something is unclear

It sounds complicated. If I have all cosigners seed then having a multi-sig is just giving a false security. It's again down to trusting one person. On the other hand it's risky for other two cosigners as they might be blamed for any mishandling. Their reputation will be at risk.

I am coming from your response on the Ann. As I said, right now telling about multi-sig feature is a misinformation until it's implemented.

I mean, if something happens to those one or two users, you can use your backup that you hold for all 3 signers, right? This means, finally the control system is still centralized and in reality, we don't get pure 3 signers service because after all, you are capable to use those keys anytime you wish and finally it comes to whether we trust personally you or not, right? Or did I misunderstood something here?
Btw I'm not saying whether you are trustworthy or not, I'm neutral here.

Thinking very long term here because I know in the near term challenge is just to find three separate trusted members, but it would be really neat to someday set up a system with separate groups of 3 signers and allow the user to choose which group to engage with. This would reduce the trust to place in the service for picking the three members and give us more autonomy on choosing exactly who we can trust. It would also set up a very neat system where people could essentially form their own mixer on your service. Three people join together, they each control separate certificates to form a mixing/trust cluster, and they get a portion of the mixing fee (as does Whirlwind). These people would then be super promoters of Whirlwind because they'd be promoting their own mini mixer within the Whirlwind system. They might even fund their own signature campaigns and other sort of referral programs. I worked with developing a referral program years ago and it was the single best thing the company did for acquiring new users. The company paid the users well for their referrals, and it practically 10x-ed growth.

Understandable, but that's the advantage of blind certificates. You won't need to trust that we don't keep logs, it would be impossible to log anything even if we tried. This will be provable beyond any doubt at any point since it's code, not just our words.

Great idea, we will do that once we get some traction with the current version

Currently I am all 3 "users", the point is that if you have a 2 server setup for the whole infrastructure, like in a case where we all know for a fact this is the truth, then the entire service including funds are at risk of being hacked/seized//the list goes on. I can't disclose the exact setup that we are running for obvious reasons but there are >5 servers, and all but the clearnet frontend one are not exposed. While risk still exists with our setup too, it's mitigated to a minimum. I am not trying to pretend that I don't have access to funds or anything like that, I said multiple times that unless there will be more signers besides me in the multi-sig, then users will have to trust me and it's just how it is. But at least if you assume I am honest, then you don't have to worry about much else. I don't believe you have this luxury with many other services.

We will phase out the Fast mode only if we migrate to a setup with multiple signers. (I explained before it's because all signers could keep logs for Fast mode and we can't take that risk) As for trust I was planning to run a review campaign and lock a few BTC in escrow, Hhampuz is looking to find a 3rd party to hold these funds. Not much else to do besides this other than running the service reliably, time will tell

I have no idea right now to be perfectly honest, but I hope that after some more time and discussions about this topic here we will come up with a reliable plan that we can execute.

After gaining trust, will the fast situation be deleted and only use notes? and what is your plans to get trust? only high-payment the signature campaign?

blinded bearer certificates is a new concept for me < will read about it and update.

What are the criteria for selecting *reputable users,* and will the contract be for decentralization and how will you deal with legal frameworks and how to make payments? Can anyone be a reliable member if he fulfills certain conditions, or is the list central?

3/3 is a case where three signature is required to sign a transaction. So, if one user isn't online or able to sign, then you are going to migrate to a new multi-sig with new signers and servers because you have the backup, you said that.
So, if you hold the backup for all 3 signers and you can always change the fate of situation, doesn't that mean that all you are doing by multi-sig is that you just put transparent curtains? I mean, what's the point of 3/3 multisig if you can always do whatever you want?