Pages:
Author

Topic: Wasabi Wallet - Open Source, Noncustodial Coinjoin Software - page 40. (Read 11428 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I don't see much relevance when AFAIK WabiSabi coordinator (run by zkSNACKs) use .onion address and Wasabi Wallet only connect to either your local node or someone else full node which also use .onion address. CMIIW.

The worst that can happen is censorship in the form of a Sybil attack, but nobody's going to be able to gather enough Tor exit nodes for carrying one out, because the Tor network keeps kicking them out. Besides, it's really only of interest to a nation state - career criminals see there's no money to be gained here and move on.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
This is not just about Wasabi but any service relying on TOR for security.
Just keep in mind, you are relying on the fact that the TOR exit node you are using is actually not malicious / monitoring what you are doing.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year

Just something to keep in the back of your head.

-Dave

I don't see much relevance when AFAIK WabiSabi coordinator (run by zkSNACKs) use .onion address and Wasabi Wallet only connect to either your local node or someone else full node which also use .onion address. CMIIW.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
How can this information be fed into the clustering algorithm to make it more precise?

An exception would have to be entered manually, I would assume.

This might be one of the challenges that is impeding the development of the banning software, since I'm pretty sure you'd be feeding transaction chains into a neural network, and the only way to take this information into account would be by adjusting weights, but that's assuming the clustering is using NNs in the first place.

The most reliable heuristics in order are:

-Address reuse
-Common input consolidation
-Matching input script type to change script type
-Other matching change fingerprints (like version/nlocktime value, RBF flag, fees paid in sat/vbyte or in total sats) when all output scripts are the same

The less reliable ones would be:

-Round payment amount
-1 output transfers, which could be a self spend or a payment
-Matching origins/destinations
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
This is not just about Wasabi but any service relying on TOR for security.
Just keep in mind, you are relying on the fact that the TOR exit node you are using is actually not malicious / monitoring what you are doing.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year

Just something to keep in the back of your head.

-Dave

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I suppose you could always voluntarily disclose where/how funds were obtained if you think a false positive ban has occurred.  The ban might not be lifted, but this feedback may help indicate that wallet clustering heuristics are being applied too aggressively.

How can this information be fed into the clustering algorithm to make it more precise?

This might be one of the challenges that is impeding the development of the banning software, since I'm pretty sure you'd be feeding transaction chains into a neural network, and the only way to take this information into account would be by adjusting weights, but that's assuming the clustering is using NNs in the first place.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Kruw, nopara73, Wasabi, I have one question. It might currently not be a real concern, but it could be something of an issue if more and more people CoinJoin through Wasabi, and therefore with that, more and more "false positives" also happen.

How do we refute that an "alert" is a "false positive"? Because the blockchain analysis company could always claim that a "true positive" is proof of the reliability of the system, while a "false negative" could be used to claim that the company should set up tighter filters.

I believe that's something that the developers, and the community, could get together and work on.

I suppose you could always voluntarily disclose where/how funds were obtained if you think a false positive ban has occurred.  The ban might not be lifted, but this feedback may help indicate that wallet clustering heuristics are being applied too aggressively.
legendary
Activity: 2898
Merit: 1823
Kruw, nopara73, Wasabi, I have one question. It might currently not be a real concern, but it could be something of an issue if more and more people CoinJoin through Wasabi, and therefore with that, more and more "false positives" also happen.

How do we refute that an "alert" is a "false positive"? Because the blockchain analysis company could always claim that a "true positive" is proof of the reliability of the system, while a "false negative" could be used to claim that the company should set up tighter filters.

I believe that's something that the developers, and the community, could get together and work on.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Ready for the coinjoin of the week? 30 BTC feels like a lot more than it used to... https://mempool.space/tx/f3d4ea873616b086959432f0b0797ca68ff7dacd5f4b8d27c707132b3dbb6c9e

Number of inputs: 333
Number of outputs: 326
Value: 30.54013805 BTC
Fee rate: 40.49 sats/vbyte
Input anonset: 3.78
Output anonset: 8.15
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
OK. Do you care to share some feedback about the initial onboarding process with a Trezor through Wasabi instead of the Trezor Suite?

Yes, the original text I wrote is now deprecated since Trezor has introduced native hardware wallet coinjoins directly through Suite earlier this year.  This separate coinjoin account in Suite uses a new xpub that only communicates with Tor and block filters, just like Wasabi does.

Ledger Live is open-source. Those who know how to could check that. I don't personally believe that Ledger or Trezor don't have knowledge of your master public keys and that those keys don't interact with their servers. At least with the Trezor Suite it can go through TOR. I don't think it's possible with LL.  

But Ledger's firmware is closed source, so you don't know if the key material was compromised before you even got your hands on the device.
member
Activity: 103
Merit: 327
Wasabi earned the coinjoin bounty prior to the existence of its 2.0 version, which far exceeds what was seen in 1.0
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Reputation for innovation
Wasabi Wallet was awarded a share of Bitcointalk's longstanding coinjoin development bounty, along with JoinMarket:

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy), while Wasabi is the first wallet that implements CoinJoin in both a highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!

Here are additional context about the bounty for other readers,
1. https://bitcointalksearch.org/topic/m.2983911.
2. It's awarded when only Wasabi Wallet version 1 exist, before controversy of Wasabi Wallet/zkSNACKs exist.
legendary
Activity: 2730
Merit: 7065
I guess I can't say for certain because I've never used Ledger, I've only used Trezor and Coldcard.
OK. Do you care to share some feedback about the initial onboarding process with a Trezor through Wasabi instead of the Trezor Suite?

Ledger claims that your xpub is never sent to their servers, but I think the 20 addresses within your gap limit is - https://support.ledger.com/hc/en-us/articles/360011069619-Extended-public-key-xPub-?docs=true
Ledger Live is open-source. Those who know how to could check that. I don't personally believe that Ledger or Trezor don't have knowledge of your master public keys and that those keys don't interact with their servers. At least with the Trezor Suite it can go through TOR. I don't think it's possible with LL. 
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Any idea what's going on with Symmetrick and why he is destroyig all of his threads?
Probably has to do with this: Should Ratimov aka Symmetrick be in DT1?. Let's not derail Wasabi's thread regarding that.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
I am aware of that. You mentioned in your OP the initial setup going through Wasabi and I asked how and in what way? Has Wasabi created a tutorial for it?

I guess I can't say for certain because I've never used Ledger, I've only used Trezor and Coldcard.  Ledger claims that your xpub is never sent to their servers, but I think the 20 addresses within your gap limit is - https://support.ledger.com/hc/en-us/articles/360011069619-Extended-public-key-xPub-?docs=true

Thanks for the feedback.  I'll remove the claim from the OP since Ledger is closed source anyways and you have no guarantees about what they are doing with your private or public keys. 
legendary
Activity: 2730
Merit: 7065
The ridiculous petition was locked, I didn't start that topic.
I wasn't talking about that one. It got achieved and locked a few days ago. I meant the Wasabi thread with over 50 pages. But I see now that the OP went on a locking and deletion spree for whatever reason. 

I don't recommend Ledger generally since it's closed source, so you trust them completely.
I am aware of that. You mentioned in your OP the initial setup going through Wasabi and I asked how and in what way? Has Wasabi created a tutorial for it?

To be fair, it was not a moderator or admin, the OP of the previous topic is still in a deranged mood and locking all his topics.
I think the petition thread was locked by the staff. The last post in it was from achow101 who told everyone to chill. After that it was locked but not achieved. Any idea what's going on with Symmetrick and why he is destroyig all of his threads?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Try to stay on topic and avoid posting nonsense to avoid having your topic achieved and locked by the admin team again. It should be in your best interest.

To be fair, it was not a moderator or admin, the OP of the previous topic is still in a deranged mood and locking all his topics.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Try to stay on topic and avoid posting nonsense to avoid having your topic achieved and locked by the admin team again. It should be in your best interest.

The ridiculous petition was locked, I didn't start that topic.

On a serious note. How would this work?
You need Ledger Live during the onboarding process and initial setup. You need to install the crypto apps on the wallet. I guess the software already records everything it needs/wants at that stage. Trezors are shipped with no firmware installed on the devices, but I guess you can get all that from their GitHub. Can you install Ledger apps including the 3rd-party apps from their GitHub as well and set everything up through Wasabi?

I don't recommend Ledger generally since it's closed source, so you trust them completely.
legendary
Activity: 2730
Merit: 7065
Try to stay on topic and avoid posting nonsense to avoid having your topic achieved and locked by the admin team again. It should be in your best interest.

Cold storage interface
If you initially set up your hardware wallet using Wasabi as the front end instead of the default Ledger Live or Trezor Suite apps, it will prevent your IP address and Bitcoin wallet addresses from being leaked to Ledger's & Trezor's servers.
On a serious note. How would this work?
You need Ledger Live during the onboarding process and initial setup. You need to install the crypto apps on the wallet. I guess the software already records everything it needs/wants at that stage. Trezors are shipped with no firmware installed on the devices, but I guess you can get all that from their GitHub. Can you install Ledger apps including the 3rd-party apps from their GitHub as well and set everything up through Wasabi?
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1


Privacy is your ability to selectively reveal yourself to the world. - [Cyperpunk Manifesto]

Official download  https://wasabiwallet.io/#download
Onion link http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/
Open source code https://github.com/zkSnacks/WalletWasabi
PGP (software verification guide) 6FB3 872B 5D42 292F 5992 0797 8563 4832 8949 861E
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Wasabi provides network level privacy
Other light wallets sacrifice your privacy in exchange for speed by leaking all of the addresses in your wallet to a third party server. This third party server also is able to see the IP address your wallet connects from, which can provide them even more data to tie your Bitcoin addresses to your identity.  

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy), while Wasabi is the first wallet that implements CoinJoin in both a highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!

For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Official Wasabi social network channels:

Quote from: Wasabi Wallet
                                               
Pages:
Jump to: