Topic: Wasabi blacklisting update - open letter / 24 questions discussion thread - page 2. (Read 1967 times)

That's where I'd honestly appreciate a board where it's possible to discuss Altcoins which already have made such advances in privacy technology and see if whatever they came up with (1) is actually secure and private, (2) can be implemented in Bitcoin and (3) build test implementations and play around with them.
But I guess it can be done in Development & Technical discussion, since such topics would be focused on that tech's usage in Bitcoin of course.

What about ismyinputclean.com?
DireWolf14 recommended 'chainhistory.com' and 'chainillumination.org'.

Tniat.com?

I could make 2 versions: taint.loyce.club and ThereIsNoTaint.loyce.club. Both will have the exact same data. All this to make a point of course, not to support the taint BS. Or maybe TaintIsBS.something

Pretty sure entities like centralized exchanges and Wasabi do not care in the slightest if they are attacking bitcoin, as long as they make their profits.

I don't disagree, and I've said as much in the past:

I would absolutely support more privacy at a protocol level, I would absolutely support a technical solution with guarantees bitcoin fungibility, and indeed such protocol changes are the only way we will ever guarantee fungibility. Education of the community will never get us there, but that doesn't mean I'm going to stop talking about this and trying to get as many people as possible to stop tacitly supporting taint by using services and business which enforce such nonsense.

It would certainly be fun, but don't use the word taint. The real question is how you could put it to any sort of good use.

I am this close to registering bitcoinblacklist.wiki to offer my full blacklist of 1,024,934,280 tainted Bitcoin addresses for free to the general public! If some database guru wants to join this project, it can have a very nice search feature where anyone can enter their own Bitcoin address to confirm it is indeed tainted.
I'm still thinking about the name: TaintedBitcoin.site? Taint.center? Taint.ink (Merits for the first to get this reference)? Taint.beauty? Taint.lol? Taint.monster? Or just taint.loyce.club (that saves me from another annual domain fee).

You put it much better than me; I was also trying to say: Sure, they are free to introduce blacklisting; it's part of what Bitcoin's freedom allows you to do. But be aware that you're going to destroy Bitcoin in the process, especially if you normalize it and set a precedent that other wallets might follow.

I do think that technical solutions are a more sure-fire way method to make sure fungibility and privacy is maintained in the future (more discussion about this currently here), but it's good to list the precedents where the 'market' / simply the public voice had significant impact on Bitcoin's development.

A few notable examples so far happened in 2017: BCash, SegWit2x, and the SegWit UASF.
And then of course AOPP (2021) - potentially, the market will this year be able to get businesses to drop blacklists and anti-fungibility implementations!
I understand that the real cypherpunk way is to just make blacklists impossible, but if simply nobody is interested in using a wallet or service that implements such thing (same with KYC), the businesses that continue do it, will just go bankrupt. It's a different way to solve the same problem.

Well, I'm not going to volunteer to pay Wasabi to spy on me, so I'm afraid we'll have to wait for reports from elsewhere. But as n0nce has pointed out, the announcement is bad enough. It shows quite clearly that their priorities, their morals, their ethos, does not lie with privacy, but with profits. They will sell out anything, including what was once one of their core priniciples.

When wallets announced their support for AOPP, we didn't all sit around and wait for them to implement it before complaining and getting them to reverse their decisions. When certainly payment processors announced they would start requiring KYC from all users, we didn't sit around and wait for them to implement it before warning everyone to switch to different processors. When BCashers announced they were going to fork bitcoin and launch a shitcoin, we didn't wait around for it to happen before warning everyone about said shitcoin. I don't see why Wasabi would be any different. They have clearly and repeatedly both stated their intentions and defended those decisions.

That's where you are wrong! We don't need a mob mentality when we have Wasabi and their blockchain analysis buddies passing down the rules from on high as to which bitcoin can and cannot be used. We can just consult with them and their surely infallible although completely secret blacklist.

Here's a more fundamental thought: pedophiles and murders have to eat! If we ban them from restaurants, we can't allow them in supermarkets either, right? And we won't allow them to grow their own food, so let's starve them to death? Some sort of mob mentality slow death sentence? Somehow it sounds less noble this way than just rejecting them from your restaurant.

The whole concept of "taint" is a huge sliding scale. Being gay is illegal in some countries, let's reject them too! And anyone who had sex before marriage must burn in hell, right? And the guy who was speeding yesterday, you wouldn't want to be associated with that wreckless behaviour, right? And freshly mined Bitcoins? Those are the worst of all, let's not associate ourselves with the environmental impact fresh Bitcoins have.
If you look deep enough, you'll find a reason to taint every piece of Bitcoin out there. Mission accomplished, Bitcoin is dead.

You don't even have to call the bank, I doubt there's even a bank on the planet that hasn't processed money from criminals. If you have a bank account, you must be a criminal. Let's not only cancel Bitcoin, let's cancel all money.

I can't really help the sarcasm today.

That's very interesting! Neither JoinMarket, nor Samourai had such a drop. I'm wondering however if maybe the tool is only picking up Wasabi 1.x CoinJoins?

Only because we don't know of any cases in which it has already happened doesn't make it any better, for me.

By announcing their blacklist, they are giving themselves the ability to do it whenever they want, and defended that stance over and over, such as in the 24 questions for which I created this thread. They stand by their decision; it's a bit like waiting for a kid who announced a school shooting to actually do it instead of taking it seriously, warning everyone and implementing security measures at that school or moving your children to a different school - analogously, move to a different wallet / privacy solution.

The announcement and answers like these should be 'proof' enough that they have a very different understanding of Bitcoin's future, no? The below statement confirms sufficiently that they believe as long as blacklisting and censoring doesn't come from a government, it shouldn't be called censorship and that it just falls under the category of 'freedom'.
Of course, everyone is free to do business with whomever they want, but if I have good money, I can indeed spend it everywhere and get it anywhere. If in Bitcoin, it will become normal practice to spy (I will get to this later) on your customers before they can do business with you, Bitcoin loses its main value proposition (usability as money, anywhere, anytime, anyone). So my answer would be something like: sure, you're free to do that; you're also free to destroy other projects that are important for the world, or e.g. deliberately accelerate climate change by leaving your car running all day and night. Or just buying a lot of gasoline every day and burning it for fun. You are free to do so - but I don't think you should do it if you care about what you're harming (Bitcoin / environment).
In most countries, you are also free to just kill your pets with a pocket knife or even more cruel ways without punishment; this freedom is not really a good reason to actually do it in my opinion.

Regarding the spying: Sure, they might not collect IP addresses, fingerprints or other PII and not link it to UTXOs; they might not even link UTXOs together and do everything with zero-knowledge cryptography. However, let's think about fiat world:
Imagine you enter my restaurant and before I decide if you're allowed to get food, I am going to call the central bank and pass them the serial numbers of your bank notes. If they say they were used in a crime, I will send you back home as long as you don't bring me new bank notes.

Note how (1) You would most certainly call this a form of spying (into what I do with my money; what I may have done with it in the past and from whom I may have received it), and (2) you can just come back with other bank notes and sit down. How does this make sense? I thought they don't want to do business with criminals. But if the criminals come back with 'non-tainted' UTXOs, they will do business with them? Or is your account suspended when you submit one 'criminal tainted' UTXO? But there are no accounts.. So are they going to block your IP? No, they don't track IPs...
(3) You will not be prosecuted, even though apparently being an official criminal, and (4) the money is not returned to the legitimate owner from whom you have supposedly officially stolen it.

So either they track, to make sure not to do business with criminals or even pedophiles (more later), or they genuinely don't track and don't know anything about their users, which means after someone sends one of their 'tainted pedo UTXOs' and they got denied, they can just swap them with someone else or try other UTXOs and Wasabi will accept them; effectively still having made business with the pedophile.

Their very first answer states that as restaurant owners, they wouldn't want to serve a pedophile. Besides the fact that this argument is borderline an 'argumentum ad passiones' (appeal to emotion) and I'd obviously hate doing business with anyone who has such thoughts and ideas, here's a newsflash: pedophiles are dining at restaurants and shopping in malls every single day, since they have well-working money (cash) that is untraceable not traced to e.g. their purchases of whatever fucked up media they might be buying online.
Would you deem it a sensible idea to call everyone's bank and ask if they have had suspicious activity, such as something hinting at them buying fucked up media online, before allowing them to eat at your restaurant? Or if the money has merely passed hands of a known pedophile? I don't think people will be excited being suspected of doing such atrocities just because they wanted to have dinner.

The reason blacklisting is wrong is a similar reason mass surveillance is wrong. It's not a new debate. You can't just label everyone guilty until proven wrong.

This makes you wonder who is actually behind all those crypto twitter profiles, and I remember there was issue with one of bitcoin twitter accounts before.
I know that politicians are paying for people to post in public whatever they send them, so it could be something like this in crypto space.

Fact is they are not blocking anything now, and they never said what is this mysterious analytics company.
Until you show me some proof that someone was blocked and blacklisted for using Wasabi I will consider this to be speculation, and I will be the first to support you.
I will not throw any stones in advance, and I criticized some of Wasabi changes in my review.

True, but Bisq reacted to the tweet in question, removed it, apologized, and revoked the privileges of the person responsible, all within 24 hours. Samourai have a long history of repeatedly tweeting stuff like this, so it is clear that their core team approve of this kind of behavior.

They could easily take the high road. All they need to do whenever they are attacked by Wasabi is remind everyone that Wasabi are anti-privacy and pro-censorship, and no one in their right mind should be using them. Name calling doesn't help them.

Absolutely. You could maybe argue that blacklisting only in order to ensure their survival would just be hopelessly misguided, but the fact that there is no law forcing them to do it, attacking every other privacy project in existence, trying to frame themselves as the saviors of both fungibility and bitcoin, trying to gaslight everyone in to thinking that censorship is somehow good for them, even hiding the very fact they are blacklisting from their website, and so on, means that this "hopelessly misguided" position cannot be logically defended. What they are doing is actively malicious and an attack on bitcoin.

On another note, it does seem that the community constantly and repeatedly calling out their censorship is having a significant affect on Wasabi's volume: https://www.bitcoinkpis.com/privacy
From 900 BTC a week 2 months ago, has now steadily fallen down to a couple of hundred BTC a week.

Yeah, those tweets made a big stink on bisk.chat's Growth room.  Most people were not happy to see the twitter contributor step into that drama.  



That is childish and pathetic.  For the same reasons that we wouldn't judge bisq on the tweets of one rogue intern, it's best not to demonize Samourai Wallet for that tweet.  I would advise the Samourai development team to take a cue from Bisq on this one, and consider changing their twitter tactics.

---

Regardless of what you call it, what Wasabi is doing isn't good for bitcoin.  Even if it isn't spying in a way to to associate coins with a specific individual, it is gathering intelligence in an attempt to devalue bitcoin.  How the Wasabi developers aren't seeing this is mind boggling, and leaves me no choice but to agree with this:

---

Anyway, it seems I've been coming to the defense of definitions quite frequently as of late:

Quick update on this: https://nitter.it/bisq_network/status/1552708493877989377. Kudos to Bisq for jumping on this so quickly. And some of the reactions from the Samourai guys over a single tweet are pretty childish and pathetic.

You don't need an IP address to spy on someone. And Wasabi have already clearly stated that they are/will be paying blockchain analysis companies to analyze your UTXOs and tell them the history of each and every one of them. If that's not spying then I don't know what is.

It certainly seems like this is the narrative they are trying to push; that they are the sole arbitrators of what is and is not fungible. As I said previously, as far as I am concerned this viewpoint is actively malicious.

So apparently the NSA is a collective of "Java boffins" with the exception of Ghidra, which is good on paper, but for reversing Win32 programs, IDA is still ahead on that because it can locate the system call names from Windbg files.

If the automatic coin control really works as well as doing it manually, I'm sure it's a great feature for the large amount of people that doesn't know anything about coin control and doesn't use it.
But it shouldn't be made this difficult to enable manual coin control. I would like to see a GUI toggle right up front in the setup screen to be honest. And easy to find afterwards.

I'm not exactly sure if you get a 'preview' before you sign and broadcast a transaction in Wasabi, but it's something Sparrow does and that I really appreciate. With such a view, I may be comfortable to use auto coin control, since I could quickly check myself that it didn't mess anything up and indeed did not jumble UTXOs together or any other weird stuff that I don't like.


[source: https://www.youtube.com/watch?v=GSHyKTigNQY]

First of all, their definition of spying may be different from ours; for them as long as there is no IP attached to a UTXO (due to using Tor) they probably believe no spying is possible.
And regarding what the chainalysis company gets from the deal, well, they get paid right. So even if they gained nothing in terms of information, they would get cash money from Wasabi / zkSNACKs.

Nope, this doesn't work. The moment you start making distinctions, you introduced non-fungibility. Either something is fungible or it is not. It can't be 'a little' fungible.

I never said this is impossible, we know open source Tor is made by them, and some people even claimed that Bitcoin was a government agency project.
I can't be sure about anything this days and I am not trusting anything with 100%, open source or not.

Did you try using this secret combination to enable coin control in Wasabi wallet?
This is probably working in wiNd0ws and opening new window, but I am not sure if same combination is used in Linux and Mac os.
I know most of the people don't even use coin control, but more advanced users can't imagine a good wallet that don't have this option.

nopara73 claims that they didn't remove the coin control feature but rather improve it significantly by making it fully automatic and insusceptible to human error and bad privacy practices. But if you think you know better what to do with your own coins and how to spend them in the correct way, you can still choose UTXOs manually using the "secret" combination CTRL+D+C.

If they couldn't spy, why would they work with people controlling a mixing coordinator? I think that a CoinJoin coordinator requesting the information about particular UTXOs is in itself valuable information that may help chain surveillance firms deanonymize at least some transactions.

Let us call it "permissioned" fungibility or "selective" fungibility - the coins that got through Wasabi Wallet filter should now be considered fungible because their previous history is unknown or uncertain. All other coins, including those coming from competitors such as Whirlpool, are obviously not.

I'm doing my best attempt at devil's advocate here and trying to construct a scenario that in their eyes might look 'benign' / 'for the users': (objections in parentheses)

• If your input is rejected from Wasabi CoinJoin, at least it doesn't get confiscated. So you can still figure out what to do with it. (Not sure how though, without coin control)
• If your input was able to be mixed, you have pretty high probability of not getting it confiscated from a centralized exchange. (Easier to just avoid CEX)
• Chain analysis company can't spy due to not having a link between Bitcoin address and identity / IP / KYC.

Another idea:

• Blacklist will never be activated / implemented, no information will ever be shared with chain analysis companies. (No way for users to verify this is happening or not)
• Official statement was just a regulatory obligation / something to 'point to' if someone questions them about AML.
• Then they can say 'oh we absolutely don't work with criminals by checking all UTXOs against a blacklist' while actually not doing any of it. (No way for users to verify this is happening or not)

I would support such a GitHub issue; sincerity and openness is important..

I believe that's usual social media drama; all bullshit and waste of time - that's why I stay away from it.

This is a very risky assumption... Take Ghidra as an example; it's open-source, too... https://github.com/NationalSecurityAgency/ghidra/
As for whether Samourai, Wasabi or ChipMixer are part of the FED; I don't think there's any way for anyone to know for sure.

I don't want to ruin day to anyone but I think that some people working on Bisq exchange are in the same time working on new Wasabi wallet.
That could have good and bad sides depending how things go in future with regulations and blacklisting transactions.
I can't be 100% about this connections and I don't have any evidence for this claims, it's all speculation.

Scammers don't really care who is the fed and who isn't, they are cloning any popular service because they can profit from this and steal money.
I don't know how can you be so sure that Samourai/Whirlpool or anything else is a part of fed or some other government agency, especially if something is open source.
They usually like to make things closed source like it was done in the case with honeypot Anom smartphones with Arcane OS that was sold to criminals for ''secure communication''.

I don't think this statement is true, at least not for now, until proven differently.
Wasabi is not spying on you and with Tor enabled they don't even know your real IP address.
Centralized exchanges are spying people for sure. they are blacklisting, freezing coins, closing accounts, and most people are still using them.

It uses something known as a Chaumian coordinator (as does Wasabi). Each participant in the coinjoin connects to the coordinator via Tor, and supplies the coordinator with their inputs as well as their blinded outputs. The coordinator signs these blinded outputs and returns them to the participants. The participants then unblind their outputs and reconnect to the coordinator via a new identity, and then send back the now unblinded outputs. The coordinator can verify these unblinded outputs are correct since they still carry the correct signature the coordinator gave them earlier. The coordinator now has all the inputs and all the outputs, but cannot match them up.

It would obviously be possible to introduce a vulnerability in this process, but given that both wallets are open source, any vulnerability should get picked up and revealed.

Call me crazy, but here's an idea to promote bitcoin fungibility: Don't use coinjoin fees to directly fund blockchain analysis firms.

Yeah, the SPV server issue is easily resolved by running your own instance of bitcoin core or a node with an Electrum server.  Samourai can spy on you if you use their servers, but how can we insure they're not spying on you address by address when using Whirlpool?  I may not be as technically sophisticated as many here, but I don't see how we can ensure that's not the case.



Thanks for the link.  I can't believe the arrogance of that post, just wow.  "Bitcoin Core and Electrum had coin control before, but I informed the world how cool coin control is."  Here's a comment from that post that has me laughing out loud and fuming at the same time:


@nopara73, get a grip, dude.  You're not making bitcoin fungible any more than you're making the US dollar fungible.  You don't have that kind of clout, so stop making a fool of yourself by saying asinine shit like that.  Bitcoin is fungible with or without you, and you're not helping it's fungibility at all.  Quite the contrary, your shenanigans can only hurt.