
Topic: Wasabi Wallet - Open Source, Noncustodial Coinjoin Software - page 11. (Read 10786 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Step 1: Find a coordinator.
Step 2: Check if he is a Sybil attacker by DDoS-ing him.
Step 3: Have your coins blacklisted in that coordinator.
Step 4: Repeat step 1 until there are no coordinators left.

Lol!  Grin
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
How does the victim get to do that indefinitely when the coordinator is supposed to ban him after refusing to sign and disrupt the round? What prevents the attacker coordinator from simply marking these inputs as blacklisted, with DoS protection measure as an excuse?

Then you confirmed with 100% certainty that the coordinator was not trying to target you with a Sybil attack since they won't allow you to participate at all.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It is needless to mention that all those "precautions" and "solutions" have to be made manually. The client can only tell you if your coins are refused, which gives no insights whatsoever of whether you're being Sybil attacked or not. In other words, it is outside the skill set of the overwhelming majority of users who just want some privacy.

This costs the target victim nothing, and they can repeat it as many times as they want.
How does the victim get to do that indefinitely when the coordinator is supposed to ban him after refusing to sign and disrupt the round? What prevents the attacker coordinator from simply marking these inputs as blacklisted, with DoS protection measure as an excuse?
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
What if the Transaction is still created even if I am a target and am backing out?

Then you have the opportunity to burn the Sybil attacker's funds in mining fees. Honest coordinators issue temporary bans to non-signer inputs as a DoS protection measure, so a convincing Sybil attacker would have to do the same. During this ban time, the attacker would have to continue to pay mining fees to remix some portion of the UTXOs that the target originally observed in the transaction as well as their ancestors and descendants. The more convincing the attacker tries to be, the more mining fees they have to pay. This costs the target victim nothing, and they can repeat it as many times as they want.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
My points proved conclusively that coordinators are trustless. You can even use all 3 anti Sybil methods together at once, you don't have to rely on just one:

- First, register your private coin to the coordinator. If it's accepted, then there's no Sybil attack.
- Second, ask your friend to register a coin to the same round. If it's accepted, then you've confirmed for a second time that there's no Sybil attack.
- Third, just to be absolutely sure, back out of the round during signing to check to see if the transaction was built to target you. If the transaction is created, you've confirmed for a third time that there's no Sybil attack.
What if the Transaction is still created even if I am a target and am backing out?
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Having said that, no blockchain analysis representatives have an account here otherwise maybe they could give an answer.

Actually, we have a partner of a blockchain analysis company posting in this thread: BlackHatCoiner.

BlackHatCoiner and o_e_l_e_o were both hired by the 'Mixtum' blockchain analysis company to get Bitcointalk users to deposit their BTC into their custodial spy network:

Quote from: Mixtum
3. Quality scoring of incoming transactions
We run a thorough background check of incoming funds through a proprietary algorithm.

2.1. Privacy Policy

Please refer to our Privacy Policy to get an understanding of our confidentiality obligations. You consent to the collection and use of information as described in the Privacy Policy.

2.2 Suspension or termination of services

Mixtum reserves the right to suspend or terminate access to services at any time at its own discretion, with or without reasons, with or without notification assuming no responsibility whatsoever.

For example, services may be suspended or terminated due to the following reasons:

    an actual or suspected violation of these Terms and Conditions;
    use of the service in such a manner that is conducive to the legal liability of Mixtum or Service malfunction;
    planned or unplanned maintenance, etc.

2.3 Unacceptable use

You agree that you personally will not commit, encourage or support the committal of:

    use of any unauthorized means to access the Mixtum service or use of any automated process or service (for example, spider, crawler or periodic caching of information stored or generated by Mixtum) except for the functions described in our API, as well as distribution of instructions, software or tools with this aim in view;
    modification, change, distortion or any other interference in work of the Mixtum service;
    disturbing or interference in operation of servers or networks used by Mixtum to deliver the Services;
    disabling, overload or degradation of Mixtum performance (or any other network connected to the service);
    use of the Mixtum service or website for any other purposes other than those specifically provided by these Terms and Privacy Policy;
    any illegal or fraudulent activity, as well as use of this Service in order to legalize illegal income, financing of terrorism, participation in schemes of phishing, forgery or other such falsification or manipulation;
    unauthorized spamming, pyramid schemes or any other activity duplicating unwanted messages should they be commercially oriented or of other nature.

2.4 Service updates

At any time and at its absolute discretion Mixtum can carry out unscheduled works related to the service modification, update and enhancement. We are liable to add or remove functions and cease activities of the service and website.

2.5 License and restrictions

Mixtum provides you with a personal nontransferable nonexclusive license to use the Service as it is stipulated for you by Mixtum. This license is provided under conditions and restricted to the provisions, stipulations and constraints stated in these Terms. Therewith, such license is intended for personal, noncommercial use. You may not copy, modify, create a derivative work of, decompile or otherwise attempt to extract the source code of the service or any part thereof, exclusive of data permitted by law, or expressly allowed by the Mixtum platform (use of templates, API, etc.). You may not reassign (or grant a sublicense of) your rights to use the service, or otherwise transfer any part of your rights in accordance with these Terms. These Rules do not provide you with any license or permission to copy, distribute, change or otherwise use any applications programming interface despite any provisions to the contrary. No property rights or ownership rights related to the Service are not granted to you according to these Terms. Mixtum reserves all rights that have not been expressly granted.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
I have had Kruw on my ignore list for a very long time. I checked his answers after I asked him a couple of questions but he refused to address them directly therefore I have ignored him again. He chose to post nonsensical answers therefore as far as I am concerned he is (was and will always be) a waste of space and time. He wants to hold a certain position therefore will never give you a direct answer to your question. Having said that, no blockchain analysis representatives have an account here otherwise maybe they could give an answer.

Is there anyone left in this topic, who's understood what I said? Talking with TwistyPhrasy feels like a loss of my time.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Is there anyone left in this topic, who's understood what I said? Talking with TwistyPhrasy feels like a loss of my time.

My questions weren't rhetorical. I'll repeat them for you:

Why wouldn't my solutions protect me? Explain how I can still be Sybil attacked if I use the methods I described to you. Start with method 1, explain how the malicious coordinator could defeat it, then go on to method 2, explain how the malicious coordinator could defeat it, then go on to method 3 and explain how a malicious coordinator could defeat it.

Your claim is that a malicious coordinator can exploit the trustless protocol in 3 different ways without being detected, yet you've provided absolutely zero explanation on how the malicious coordinator would achieve this.


I would warn users on using Wasabi, as it's caught into being flawed software: https://twitter.com/wasabistats

Why are you still trying to spread this lie after you already found out that the "wasabistats" Twitter account is flagging remixes as false positive merges?  This was already decisively proven to be a hit job account: https://twitter.com/Kruwed/status/1642612625883164672

Then your claim is that other participants in your coinjoin who remix hurt your privacy by decreasing the anonymity of your coins below what is displayed in the client:

Quote from: Twitter Post
Don't trust, verify!  120 of those 132 "output merges" are outputs being remixed, which are detected as false positives since KYCP cannot tell the difference between outputs merged to make a payment and outputs that were remixed in another coinjoin. https://i.ibb.co/YDPGYdC/sheet.png

You have it literally backwards: When coinjoin outputs are remixed, it makes it more difficult to trace funds in the initial coinjoin because it expands the number of possible options where a coin could travel before reaching its final destination.

So my question is, why are you lying about remixing, which increases privacy, by calling it a flaw? It's obvious you are lying about remixing hurting privacy, because if you weren't, then you would be running a coordinator that rejects remixed funds from joining new rounds.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Is there anyone left in this topic, who's understood what I said? Talking with TwistyPhrasy feels like a loss of my time.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Your "solutions" don't protect you against a malicious coordinator

Why wouldn't my solutions protect me? Explain how I can still be Sybil attacked if I use the methods I described to you. Start with method 1, explain how the malicious coordinator could defeat it, then go on to method 2, explain how the malicious coordinator could defeat it, then go on to method 3 and explain how a malicious coordinator could defeat it.

There is this account on Twitter, wasabistats, which has recorded a bunch of Wasabi coinjoins with an anonymity set delivered nowhere close to what was advertised in the client. The reason is simple, people consolidate their private coins in such a manner that downgrades the anonymity set. For example, if in a 200 input / output coinjoin, 190 of them are consolidated in another transaction, then de-anonymizing the other 10 inputs becomes a much easier problem to solve.

We already covered this, these 190 outputs remixing INCREASES the total anonymity set compared to what is displayed in the client. Why do you continue to lie by claiming that remixing hurts the privacy of others? If you think this is true, why don't you run your own coordinator that rejects all remixing inputs?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
- First, register your private coin to the coordinator. If it's accepted, then there's no Sybil attack.
Step 0: Find private coins outside Wasabi.  Grin

I explained to BlackHatCoiner 3 different ways to confirm that a coordinator is not a bad actor
Your "solutions" don't protect you against a malicious coordinator with sufficient liquidity, filling the coinjoin with his inputs, with variable amounts. This way, de-anonymization can be orders of magnitude more effective, through blockchain heuristics like observing input and output clustering.

There is this account on Twitter, wasabistats, which has recorded a bunch of Wasabi coinjoins with an anonymity set delivered nowhere close to what was advertised in the client. The reason is simple, people consolidate their private coins in such a manner that downgrades the anonymity set. For example, if in a 200 input / output coinjoin, 190 of them are consolidated in another transaction, then de-anonymizing the other 10 inputs becomes a much easier problem to solve.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
A question for Kruw and the more technical users/people, or regular Wasabi users in the topic. How can we verify for ourselves if a coordinator is a bad actor or not? Because if it's possible to do it, I believe we should have a guide/topic made for newbies and non-technical users, no?

I believe Don't trust, verify should apply in this, instead of us merely squabbling with each other. But if we can't do it, then can we say that coordinators are trusted-third-parties? 🤔

I explained to BlackHatCoiner 3 different ways to confirm that a coordinator is not a bad actor:

My points proved conclusively that coordinators are trustless. You can even use all 3 anti Sybil methods together at once, you don't have to rely on just one:

- First, register your private coin to the coordinator. If it's accepted, then there's no Sybil attack.
- Second, ask your friend to register a coin to the same round. If it's accepted, then you've confirmed for a second time that there's no Sybil attack.
- Third, just to be absolutely sure, back out of the round during signing to check to see if the transaction was built to target you. If the transaction is created, you've confirmed for a third time that there's no Sybil attack.

Other than that, a cautious user should enable "Red Coin Isolation" in Wasabi's coinjoin settings to avoid leaking metadata between two non-private coins if a user happens to disconnect midway through a round.
legendary
Activity: 2898
Merit: 1823

In the end the decision is yours but in the opinion of many in the forum including myself, you should avoid anything related to Kruw. You would be better off using an alternative co-ordinator instead because his activity and conduct in the forum has alienated himself from most others that post in similar topics.


A question for Kruw and the more technical users/people, or regular Wasabi users in the topic. How can we verify for ourselves if a coordinator is a bad actor or not? Because if it's possible to do it, I believe we should have a guide/topic made for newbies and non-technical users, no?

I believe Don't trust, verify should apply in this, instead of us merely squabbling with each other. But if we can't do it, then can we say that coordinators are trusted-third-parties? 🤔
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
if the anon set is low on that coordinator and blacklisted UTXOs are allowed into the coinjoin could that potentially flag my non-blacklisted coins as blacklisted?
No one can provide a completely satisfactory answer to this question. Generally, if you use services that discriminate against users based on flawed blockchain analysis results, you could be blacklisted even if you haven't used coinjoin. This could happen because the previous owner of your coins was flagged by their systems, and as a result, you could be flagged too. If I remember correctly, there have been instances where Wasabi coinjoins were flagged as "suspicious" activity by popular centralized exchanges.

It's not a question to ask Wasabi, but blockchain analysis firms. However, you might find this write-up useful: https://bitcointalksearch.org/topic/blockchain-analytics-is-more-of-an-art-than-science-5464886.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
if the anon set is low on that coordinator and blacklisted UTXOs are allowed into the coinjoin could that potentially flag my non-blacklisted coins as blacklisted?
I suppose it is safe to assume your 'non-blacklisted coins' will have a high chance of still being flagged by any Third Party who decides to check up on the source of your Coins and finds out they have recently been through a Coin Join.  Particularly if the Blockchain Analysis collaborator of the Service is different from the Blockchain Analysis collaborator of the Coordinator.  Is there any scenario where users of Wasabi successfully deposited Coin Joined Bitcoin on a Centralized Exchange several times with no consequences?
jr. member
Activity: 44
Merit: 27
Currently OpenCoordinator has 0% + free remixing and another important function their website states: no country blocklists, no UTXO blocklists.

if the anon set is low on that coordinator and blacklisted UTXOs are allowed into the coinjoin could that potentially flag my non-blacklisted coins as blacklisted?

member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Reminder that you can follow the 'Liquisabi' bot on X or Nostr to keep up with liquidity stats for coinjoin coordinators:

https://x.com/LiquiSabi
https://primal.net/p/npub1u4rl3zlfa2efxslhypf4v6r8va5e0c9smxyr5676pxkyk0chn33s0teswa
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Hello, I'm a new user of Wasabi. I usually run Manjaro but at the moment I only have Windows. I've installed Wasabi and I'd like to try the coinjoin function.
I also have a RaspiBlitz node but it's not running at the moment. Is it safe to use it under Windows or would you advise me to wait and do it under Linux?

I use Linux when coinjoining because I know Windows/Mac have bad privacy. Also, at this moment there's a global notice on Bitcointalk warning about a critical Windows security bug: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063

This is the list of operating systems that Wasabi supports: https://github.com/WalletWasabi/WalletWasabi/blob/master/WalletWasabi.Documentation/WasabiCompatibility.md

Wasabi is also available in the Start9 app store: https://marketplace.start9.com/wasabi-webtop?api=community-registry.start9.com&name=Community%20Registry

I've configured the coordinator with https://kruw.io
Is it correct and functional?

Your coordinator box in the client should be configured to https://coinjoin.kruw.io/

In the end the decision is yours but in the opinion of many in the forum including myself, you should avoid anything related to Kruw. You would be better off using an alternative co-ordinator instead because his activity and conduct in the forum has alienated himself from most others that post in similar topics.

What "activity and conduct"? You claimed before I "embarrassed myself" but never provided any embarrassing quote:

zkSNACKs did not, was not and is not shut down yet when you describe yourself as a "Contributor to Wasabi Wallet" but you are not willing to explain what that means. You already embarrassed yourself with your gutter-level conduct over recent months and now you are embarrassing yourself even further by avoiding to answer.

How did I "embarrass myself"?

Then you claimed I had previously made "gutter level statements" but never provided any of these statements:

I am not taken aback nor surprised by what you posted because as far as I (and others) are concerned there is nothing you could possibly say that would be considered shocking or even more gutter level than your previous statements.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
In the end the decision is yours but in the opinion of many in the forum including myself, you should avoid anything related to Kruw. You would be better off using an alternative co-ordinator instead because his activity and conduct in the forum has alienated himself from most others that post in similar topics.

Currently OpenCoordinator has 0% + free remixing and another important function their website states: no country blocklists, no UTXO blocklists.

At the very least you should take a look at other options and keep your options open: https://wabisator.com/

Hello,
I'm a new user of Wasabi.
I usually run Manjaro but at the moment I only have Windows. I've installed Wasabi and I'd like to try the coinjoin function.
I also have a RaspiBlitz node but it's not running at the moment. Is it safe to use it under Windows or would you advise me to wait and do it under Linux?
I've configured the coordinator with https://kruw.io
Is it correct and functional?
newbie
Activity: 8
Merit: 0
Hello,
I'm a new user of Wasabi.
I usually run Manjaro but at the moment I only have Windows. I've installed Wasabi and I'd like to try the coinjoin function.
I also have a RaspiBlitz node but it's not running at the moment. Is it safe to use it under Windows or would you advise me to wait and do it under Linux?
I've configured the coordinator with https://kruw.io
Is it correct and functional?