Topic: We should not rely on centralized privacy providers (Read 190 times)

Wasabi Wallet by default only use zkSNACKs coordinator, which isn't good example of decentralization. Here are better example,
1. New Whirlpool CoinJoin protocol have algorithm to discover and choose random coordinator, https://blog.samourai.is/decentralized-whirlpool-stage-1/.
2. On JoinMarket, you could become either maker or taker where ideally you should cooperate with different participant each time, https://github.com/JoinMarket-Org/joinmarket-clientserver.

As for trustless, it depends on each CoinJoin protocol.

You have covered all the points related to the privacy issue well, the main problem is with centralized and even decentralized third party services because all these services can be attacked and taken over by the government.

It is absolutely true, as you mentioned, that Bitcoin is completely P2P, but even this has a point of failure in my opinion, because it depends on trust. You cannot send Bitcoin to the other party unless you know him or trust him. If you want to send Bitcoin to someone you do not know, then You need a broker or collateral otherwise you run the risk of losing your money.

You are right, privacy is very valuable and we should always have our privacy in min, when doing a transaction or even submitting our data somewhere. Best bet is to avoid entering our personal data anywhere and just buy in a local shop, where we can buy anonymously.
Entering our personal data somewhere always makes us vulnerable by exposing our privacy.
A centralized privacy provider poses huge risk because all data needs to be processed at such centralized privacy providers. It is a single point of failure.

We can do a lot to gain more privacy, alone by avoiding a centralized service, where our coins can be tracked and even frozen. Centralized exchanges are tempring to send our coins to because it's easier but it's better to avoid to send our coins to a centralized exchange.

Privacy means caution and learning, as using Monero as a bridge to break the connection between your inputs and outputs. using a P2P exchange with Tor will be sufficient, but privacy is much deeper than that. If you browse randomly, use block explorers to check your addresses, closed source wallets, SPV wallets without Tor. The amount you paid to break the link between your inputs and outputs will not help you in enhancing your privacy.

There is no way for blockchain analysis to know why a transaction was made from BTC address A to BTC address B if both addresses aren't KYC-ed. They don't even know if the same person owns both addresses or coin ownership happened. But following the money trail might lead all or some of the coins to land on an address connected to a real person who underwent KYC. At that point, the coins might have changed ownership several times.

Not if there are no logs to seize. If a service claims it's not keeping logs but still is, it's worth asking why? Perhaps that lie is their bargaining chip. If they get arrested/charged, they can say, please be lenient to us, and we will give you logs of the people who used our services for a lighter sentence. This is more a question of honestly and ethics than anything else.

Wasabi's zkSNACKs coordinator isn't, and it funds blockchain analysis, the enemy of Bitcoin and privacy. However, JoinMarket is. It's also more complicated to set up, and surely has a smaller userbase.   

Last thing I remember, there was one wallet that uses conjoins, but then a good deal of privacy leaning members don't trust it because, there is talk of zkSNACKs its coordinator blacklisting "tainted coins"

How is that decentralized and trustless? Educate me 

If you want to avoid centralized mixers, then you can use CoinJoin protocols that is trustless and also decentralized. However it depends on what the user wants and also their knowledge. Mixers are very effective for privacy, but they are centralized and you have to trust the service to send you back your mixed coins into your receiving address and also to delete logs after the mixing process.

Privacy is a costly good and we really need to consider how to protect our coins by maintaining a good privacy.

As we know from Bitcoin, all address connections are public, possible to track via Blockchain analysis for everyone. Sending a transaction from one of our addresses to another will cause a connection, not limited if it’s our own address or an address from someone else. It is up to us to maintain a good privacy and avoid that our coins to tell too much about us.
Bitcoin is not private but it can be private if we are careful enough to maintain a good privacy.

When trying to maintain a good privacy, we can divide it into 2 major points:

-   Taking steps by ourself to maintain privacy
-   Services to enhance our privacy

I've covered point 1 in my topic "Check twice before sending transaction if it will impact your privacy negatively", so let’s go to point 2 now:


Centralized privacy providers have a single point of failure

We might have heard about it, but centralized services can be seized. Recent examples are several mixers like ChipMixer and Sinbad.io but also privacy enhancing wallets like Samourai Wallet.

As theymos also knows: governments are good at shutting down centralized services if there’s a so called single point of failure, in our case developers which can be arrested and centralized services, which can be seized, online websites, which can be shut down.

And here, we have also to consider to be very careful. Seizing such services will always be a risk to bust our privacy. If privacy services are seized, it'll always be a risk of mixing logs to be leaked and address connections to be revealed.
As it happened to ChipMixer, when several Terabyte of data was collected, among it very likely logs but also private keys (Chips from ChipMixer), where several customers of ChipMixer have reported about coins from such "Chips" being transferred to a different wallet.

We also have to fully trust centralized mixer operators to be honest and to delete logs, which is a big security risk.
Centralized services are somehow against Bitcoin's nature of a decentralized system as we have to trust a middleman, while Bitcoin is fully P2P.


Centralized privacy providers can be honeypots

A honeypot website is a website which is set up and operated to collect certain confidential information on purpose. When people are visiting a honeypot site, various confidential information will be scraped and stored, like your IP address or your entered information but not limited to.

Such data is very valuable for any investigation of crime or business purposes like identifying which wallet belongs to an individual, a company or which interactions an Bitcoin address reveals.
For some cases it might be helpful to catch scammers and hackers but for our privacy, a honeypot website should be avoided, of course.

Honeypots are posing a serious danger to our privacy. We might believe it's quite a normal website and our information is treated confidently, while in reality, any of our data will be stored.
In addition to our IP address etc., entered Bitcoin addresses will be scraped, stored and forwarded to any entity. Addresses will get reviewed and address connections will get revealed.

For privacy enhancing services, we might even pay a fee and not only get nothing in return but also have a privacy risk of believing our Bitcoins are mixed but in reality, logs are kept.

In case of a deliberate honeypot website, deem any privacy assurances as disposable.

I've written more about Honeypot websites here: "Honeypot websites are dangerous for our privacy - BEWARE"



Conclusion: we should not try to maintain our privacy by relying on centralized services as such centralized services are likely to be shut down and such services are full of risks and red flags due to requiring a middle man, when it comes to maintain a good privacy, while Bitcoin is fully P2P.


PrivacyOui