Topic: Wasabi wallet data privacy questions - page 2. (Read 650 times)

That's the entire point of Wasabi:  You don't have to trust any coinjoin coordinator you choose since no information is ever provided to them.  Tor protects your IP address and block filters protect your xpub address.

Kruw thanks you've replied when asked. You've settled questions bugging me but you're defending Wasabi Wallet when zkSNACKs isn't trusted. They're using blockchain analysis for coinjoins so tech forum users won't use it. If trust's lost it isn't easy regaining it.

If the information's anonymous or untraceable when it's sent to their servers it shouldn't matter what they're doing with it. If it's linked to users data it's inappropriate. Did tech companies run source code tests to examine information being sent to zkSNACKs ?

Kruw answered questions with strong belief in what he's said so I'll give credit on his effort. He's defending Wasabi wallet when he knows he won't convince determined users about protecting Satoshi's words but he doesn't avoid answering.

The biggest OS by market share. That's why malware creators target Windows because of it's popularity.

I hit this milestone in Sparrow a few weeks ago, and decided to screenshot it for posterity:



I've added a few more to that count since then, and I've got a couple of such inputs in the same ballpark. It's turned in to an experiment now where I will just refuse to spend at least one of these outputs unless absolutely necessary just to see how high we can go. With every remix after the first completely free, of course.

You don't need to. They openly admit they are cooperating with blockchain analysis and directly funding state sanctioned surveillance and censorship. That alone is more than enough to mean nobody in the right mind should ever use Wasabi.

The biggest OS (I assume you mean largest marketshare or user base) is also the preferred playground for malware creators. I don't want to judge and/or compare the security of Windows vs. Linux vs. MacOS. But because Windows as OS is the preferred target for malware creators I wouldn't choose it as platform for crypto coin activities.

And as data privacy questions are a concern of the OP and as has been said here already that in this respect Windows is really terrible, I wonder why the OP sticks to Windows. You have at least two big arguments to stay away from Windows. (I acknowledge that OP is looking for some better solution with that.)

I prefer to use coinjoins with Sparrow wallet or JoinMarket (I don't care if coinjoins take a longer time; I can separate short-term from long-term coin use; what I want to make more private by coinjoining are rarely coins to be in a hurry with).

The controversy around Wasabi is pretty much heated and somewhat stuck in my opinion. I lack the time and coding knowledge to do my own research and code audit on Wasabi. And as there are alternatives, my choice is to stay away from Wasabi. YMMV...

The "nothing to fear, nothing to hide" argument is so monumentally stupid and so widely discredited that to use it in this context you are either an idiot or actively malicious.

Because, as I've given you evidence of at least a dozen times and you have completely ignored at least a dozen times, Wasabi coinjoins are deeply flawed and result in outputs being linked to inputs due to various factors such as UTXO sizes and address reuse. Why would I want to run an inferior coinjoin coordinator when I can just use a much superior product such as JoinMarket or Whirlpool?

Cool strawman. That's not what I said at all. I said Coinfirm will be analyzing the inputs to ascertain their history and see to whom they belong, not Wasabi. You were the one here which conflated Wasabi and Coinfirm as being the same entity, which is frankly pretty hilarious.

This. Funding blockchain analysis is malicious. Gaslighting people in to believing that funding blockchain analysis is somehow in their best interests is just downright evil.

That's not really true. As long as you download the source files from their GitHub page and compile it yourself, you can check the code that runs on your own device.
I.e., you can read for yourself what information is sent out and what stays local.

However, the tricky part is that there's no way to tell what they are doing with the information the application does send to their servers.
Some information has to be sent for it to function, and it can definitely be used maliciously. Many users here agree with me, that after the statements Wasabi officially made, we know for a fact that they do act maliciously in terms of Bitcoin's original vision of freeing people from censorship and surveillance.

There's no trust in zkSNACKs necessary - Wasabi is completely open source so you can verify for yourself that no identifiable data is ever sent to any third parties, including coinjoin coordinators such as zkSNACKs.


Yeah, it's quite strange to see o_e_l_e_o be so passionately furious at the idea of a business refusing to make stolen money private that he would misdirect that anger at an open source project that allows anyone to run a  competing business.  If he hates zkSNACKs so much, why isn't he simply running his own WabiSabi coordinator by copying and pasting their open source code and making them go out of business by offering their service for free instead of charging any fees?...


The data stored by zkSNACKs is the exact same data that is stored on everyone else's full node when these transactions are confirmed in blocks.  zkSNACKs has no knowledge about who owns coins that have been mixed.


It's not quite the same as an exchange because there's no way that stolen coins can be seized by a coordinator, coinjoins are non custodial.  If a coordinator realizes coins are stolen, they can only refuse to include them in coinjoin transactions they coordinate.


This is completely wrong.  Wasabi coinjoin coordinators do not have any knowledge of who coinjoin outputs belong to.  You would be correct backdoors such as those in Samourai's coinjoin coordinator allow tracking the outputs that were created from coinjoin inputs due to xpub addresses and IP addresses being leaked by the Samourai or Sparrow client, but Wasabi clients automatically assume any coordinator is malicious and never reveal ownership of coinjoin outputs to them thanks to using compact block filters and Tor by default.


Yes, this description is correct.

Thanks!

There are a few topics on this forum which are a good starting place.

Here is the post by Greg Maxwell introducing the concept of coinjoin for the first time: CoinJoin: Bitcoin privacy for the real world
And here is the post by Chris Belcher launching JoinMarket: [ANN] Joinmarket - Coinjoin that people will actually use

The bottom line is of the three current main coinjoin implementations - JoinMarket, Whirlpool, Wasabi - Wasabi is the only one cooperating with blockchain analysis, the only one supporting mass surveillance, and the only one implementing blacklists and censorship, not to mention suffering from address reuse and other flaws. There is literally no reason to choose Wasabi over either Whirlpool or JoinMarket.

No problem!

I should've removed the links because curious users could find themselves in danger. I've removed it.

I'm trying to get started after research because I didn't wipe MacOS for Linux before. A dedicated machine's going to be perfect solution. I'd like to understand more about coinjoins for widening my learning. I own tiny amount of bitcoin so won't be coinjoining frequently or in large volumes. I want to learn how it works.

I'm a newcomer to the Wasabi thread. It's a heavy read because of details given in long questions & answers but I'll try going over it. I'll lock this thread if there's isn't activity.

Thanks o_e_l_e_o for amazing advice.

Would you mind editing your previous comment to remove the link? Just in case anyone else skimming the thread clicks on it without realizing.

That is certainly the safest option. Since all coinjoin wallets need to be connected to the internet constantly in order to work (you can obviously disconnect but you won't be able to perform any coinjoins while disconnected), it is safest to have a separate clean machine dedicated to coinjoins if you are going to be coinjoining frequently or large volumes.

The other Wasabi thread already contains all his opinions if you care to read them. They are just the same nonsense Wasabi talking points repeated ad nauseum.

Thanks for amazing help o_e_l_e_o I wasn't focused so nearly download the malware from the fake Joinmarket site. It's safer I'll postpone using Joinmarket until I've set up Linux on old Mac I've come to own that'll be an experience learning as I ask questions.

Running software without verifying downloads will lead to infections. I'll verify the download with PGP when it's done thanks it's something I've been doing for years.

It's fair Kruw gets invited to post opinions ahead of locking the thread.

Yes. Samourai is the name of the team/wallet behind the Whirlpool implementation of coinjoin. Whirlpool is also accessible via Sparrow, with other wallets in the works I believe.

I'm 99% certain the link you have included there is a scam site. I've never heard of it before despite using JoinMarket for years, there is no mention of that site whatsoever on the JoinMarket github, and the download link directs to a .exe file which does not exist on the github releases (https://github.com/JoinMarket-Org/joinmarket-clientserver/releases).

You should only download JoinMarket from the releases link I have given above and verify the download with the provided PGP signatures before installation. I'm pretty sure that .exe file will be malware.

Privacy wallets can't store data there's a contradiction in zkSNACKs philosophy. How many savers suffered when centralised exchanges designated coins as tainted it's a loss for owners.

Thanks you've explained it that way. I didn't reject it I wanted to know what they're storing when using Wasabi wallet. If we don't know data they're storing we can't confront them.

Whirpool you mean Samourai? I've reported about how Sparrow wallet wasn't something I'll use because of delays in mixing. My previous experience means I won't use Sparrow but I'm looking at Joinmarket.

There is a difference between a centralized exchange responding to police requests, and a so called "privacy" wallet enforcing censorship based on secret blacklists. There is no presumption of privacy if you use Binance, and they certainly don't market themselves as the ultimate privacy solution as Wasabi do. For every criminal's coins which are seized, there are dozens of innocent users also having coins seized because Binance have decided they are tainted or some other such bullshit.

If you lose your coins, then that sucks for you and I'm sorry to hear it, but I will never defend compromising the privacy of everyone else who uses bitcoin to make up for your mistakes, just as I will never defend mass surveillance of an entire country to stop a single criminal.

This is true, provided you are lucky enough to get your coins in to a Wasabi coinjoin which does not have a critical flaw, of which there are many. But that's also the bare minimum you want from a coinjoin, and you can achieve it without using Wasabi spyware via either Whirlpool or JoinMarket.

In your opinion what's right to do if your wallet with 1 btc gets hacked. On blockchain you trace funds were sent to wallet bc1xx so you report it to police. A month later the coins moved to Binance. Soon your coins will be returned because they've been seized after blockchain analysis. That's happening now with exchanges so it can't be a bad process reuniting owners with stolen coins.

Scanning incoming UTXOs in Wasabi wallet it's the same as Binance or other exchanges doing it. What they're doing with data isn't clear. If it's being misused for unfair data collecting after it's completed its purpose it shouldn't be used. I don't trust any companies to voluntarily delete data after if they're able to profit from it.

I believe if they've got it they'll sell it so asking data questions about what they're doing by separating wrong info from facts is crucial.

I've a new example for transactions
tx1 Satoshi uses Binance sends 0.1 btc to arabspaceship123 Electrum wallet 1
tx2 arabspaceship123 Electrum wallet 1 sends 0.1 btc to Wasabi wallet for mix
tx3 Wasabi wallet use Coinfirm for analysis
tx4 Wasabi wallet allows coinjoins sends mixed 0.1 btc to arabspaceship123 Electrum wallet 2
tx5 arabspaceship123 Electrum wallet 2 sends 0.05 btc to Satoshi Exodus Wallet
tx6 arabspaceship123 Electrum wallet 2 sends 0.04 btc to Satoshi Bitcoin Core wallet
tx7 arabspaceship123 Electrum wallet 2 sends 0.01 btc to arabspaceship123 Electrum wallet 3

Is this belief accurate?
It's been mentioned zkSNACKs can't link incoming UTXO's to outgoing UTXO's so that's good for privacy if true. They aren't storing ip address or device id when using Wasabi wallet. They're storing the address used by Satoshi in tx1 before coinjoins but aren't storing tx details after mixing so they can't link anything between tx2-7.

This is the same old nonsense argument governments always use to erode your rights and surveil their population. Mass surveillance is designed to stop crime. Phone tapping is designed to stop crime. Banning encryption is designed to stop crime. Putting a government back door in all your devices is designed to stop crime. Reading all your emails and IMs is designed to stop crime. It is complete bullshit. There is no evidence that mass surveillance has ever managed to prevent a single incident of terrorism. It's not about preventing crime. It's never been about preventing crime. It's about control:

Wasabi pay Coinfirm to investigate the output you are registering for coinjoin. So Coinfirm will absolutely be looking at the history of that output and seeing where it came from. If any of the previous addresses have ever been linked to an identity (such as via KYC, via addresses being shared publicly, via connecting to third party servers, via other transaction heuristics, etc.) then that will be identified and Coinfirm will be storing, sharing, and selling, that information on to other third parties.

Wasabi wallet being marketed as a privacy solution while simultaneously funding blockchain analysis is contradicting. I haven't seen data they're doing excessive bad things. Analysing incoming coins for naughty status isn't the biggest crime if it's designed to stop crime. If my wallet's hacked coins were sent to any address on its way to Wasabi for mixing I'd be happy if they succeeded in stopping coinjoins so I'm not getting why that makes people upset. If they're storing data without telling us Wasabi shouldn't be used because they're lying.

Which data's being stored by zkSNACKs in this transaction if I'm using Wasabi wallet. If they're all unused addresses on Electrum wallets can zkSNACKs stored data cause them to be linked?

o_e_l_e_o sends 0.1 btc to arabspaceship123
arabspaceship123 sends 0.1 btc to Wasabi wallet
Wasabi wallet sends mixed 0.1 btc to arabspaceship123
arabspaceship123 sends 0.05 btc to o_e_l_e_o
arabspaceship123 sends 0.05 btc to theymos

I've read the post. It made me research Windows OS. I've found articles about Microsoft data policy. It's data nightmare. Microsoft aren't open about their data sharing policy.

Thanks for the warnings. I won't give up using Win 11 today it'll take time. When I'm ready I'll create another fun & learning thread to cover Bitcoin Core, Electrum, Electrum Personal Server & Linux Mint. If it works I'll take my Bitcoin node to Linux.

Yes, it is justified. You can't market yourself as a privacy solution while simultaneously directly funding entities whose only purpose is to tear apart of every shred of privacy they can. Contrary to the lies they tell, Wasabi are anti-privacy, anti-fungibility, pro-surveillance, and pro-censorship.

I would direct you to a previous post I made regarding Windows here: https://bitcointalksearch.org/topic/m.52685703. If you are using Windows, you should assume your privacy is zero.

@kruw thanks I'll ask other questions after analysing your replies. It doesn't look like zkSNACKs are keeping info which links users after mixes but it's about trusting what they're saying.

I don't intend using Wasabi wallet because their rep isn't good but isn't examining incoming UTXOs for stolen coins different from sweeping customers data? People are against zkSNACKs using blockchain analysis so they're getting a tough time in the Wasabi Wallet thread but is all of it justified?

My wallet tests were on Win 11 using good security solutions. It isn't the safest but it's the biggest OS. I'm happy I've tested other wallets on Windows Fun & learning with Electrum EPS, Electrum wallet & Bitcoin Core QT in Win 11

This is not news. We've known for a long time this is exactly what Wasabi are doing - directly funding blockchain analysis companies with the fees that you pay for coinjoining through Wasabi. Isn't it fun paying for the privilege of being spied on and censored!?

You try to register an input for coinjoin, Wasabi hand that input over to Coinfirm and ask them for all the dirt they have on your input, and then decide whether or not you are allowed to spend your coins in the way that you want. If you are not allowed, they won't tell you why, of course.

Just like Satoshi envisioned! No third parties, except for ones who will censor you and charge you a fee for doing so!