
Topic: Why I am temporarily wearing an unpaid, unsolicited Chipmixer signature ad (Read 1181 times)

legendary
Activity: 1876
Merit: 1157
--snip-- and I should not need to list the vast swaths of Asia and South America where fully arbitrary government power over people’s finances is the default assumption.

The idea of private property and Govt tyranny never really evolved in Asian countries that got independence in the 40s-50s. The government was always seen as a benevolent overlord and it is an accepted fact of life that anything with a stamp of "Government" on it means they have overpowering authority over your activities, ethics and morality notwithstanding. This has also evolved because Govt is seen as doling out perks for the betterment of a population which has no access to resources for its subsistence. The over-population and non-equitable wealth distribution are factors leading to such a role.

The distinctive meekness of developing countries is very evident from the different ways that cops will treat citizens in a country like India compared to a developed country. The average beat constable or Station Incharge is the big bully whose trademark behavior is of subservience to those with political connections while browbeating the normal citizens. The nexus of local politicians and the long arm of law is a fact of life in such countries. People don't dare question matters of criminal/civil law, let alone financial independence or a right to privacy.

With the banking ban on the use of cryptocurrency, it has been a trying time to take a stand on this. It is very easy for the govt authorities to point you out for a criminal offence if and when they pass a legislation that seeks to outlaw cryptocurrency. It isn't really so easy for this subservience mentality to change and see the Govt for what it is. A controlling authority complicit in the efforts to make ordinary citizens the most efficient and complying versions of themselves.
legendary
Activity: 1946
Merit: 1427
This signature campaign is something to think twice before entering, they require 50 posts per week! That's a lot, but perhaps they pay well. I was searching for a good signature campaign, and so far haven't found anything attractive yet. Meanwhile, I can promote free bitcoin by the hour.
No, they don't! There's no post requirement, 50 is just the max.
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
The utterly stupid "I've got nothing to hide" argument is widely believed.

As a general observation, to add to what o_e_l_e_o and others already said upthread about the principle of privacy against mass-surveillance:

I think those posting on this thread all well know, you need to hide your bitcoins from (unofficial) armed robbers, etc., etc.  These are true arguments, which I encourage others to spread!  But there is another truth which I think most people ignore, or perhaps are afraid to say:  Good people need to hide their financial activity from their governments.

As a practical matter, your government can seize from you anything it wants, at any time on its whim, unless it doesn’t know what you have.  “But such seizures are illegal!”  Legality changes at the stroke of a pen.  Laws are man-made; and what is made by man, can be changed by man.  Save the idealistic naïvety for youths who substitute blabber about “unalienable ‘natural’ rights” for a desiderated childhood belief in faeries and pixies.

Indeed, the whole concept of “natural law” as pertains to legal rights is absurd in concept.  A real natural law needs no human action to defend it:  Nobody needs to stand up and fight against tyrannical violations of the law of gravity—gravitation is unalienable.  Whereas the only “rights” you have are man-made.  Your “rights” must therefore be defended by human action with ultimate recourse to non-man-made laws, truly natural laws, such as the laws of physics or mathematics.

Because your government has more guns than you possibly could obtain, and we are hereby discussing Bitcoin, let us ignore an appeal to physics, and focus on maths.  Applying the laws of mathematics to hide your financial activity is a direct personal defence against the potential for future tyranny—I say “future”, for a defence implemented too late is trivially subject to retrospective surveillance plus rubberhose cryptanalysis.  If practiced en masse, mathematical asset-hiding also has a deterrent effect against potential tyrants by placing practical limits on their power to enforce their wishes.

“But that would never happen!  It’s dystopian speculation wrapped in a conspiracy theory!  And anyway, it couldn’t happen here.”

At this juncture, I wish to draw attention to one of my best early posts on this forum.  I was officially a Newbie, this was in the pre-Merit era, and the post sank like a 400 oz. gold brick into the muck of December 2017 “when moon??? now moon!!!” sigspam in Bitcoin Discussion.  Over two years later, it has been read only 72 times:

PSA: If gold were illegal... (Gold WAS illegal!)

The following is a real-life allegory pertaining to gold’s new competitor, Bitcoin.

What would you do, if gold were made illegal?

Think it can’t happen?  Well—how many of you are American?  Private individual ownership of gold coins and bars was illegal in the United States for four decades.  “Hoarding” individual wealth in gold was banned from 1 May 1933 until 31 December 1974.  Vast amounts of gold bullion were confiscated from people, who were forced to accept instead the Monopoly Money known as “United States Dollars”.  Numerous individuals were criminally prosecuted for attempting to keep their gold—a crime according to Executive Orders 6102, 6111, 6260, and 6261, and the Gold Reserve Act passed by the U.S. Congress and signed into law by U.S. President Franklin Delano Roosevelt.


U.S. President Franklin D. Roosevelt signs law criminalizing gold
30 January 1934

This is fact, not fancy.  Not some weird theory.  This is history:  It actually happened.  And if it happened before, it could happen again.

Well, you might say:  What if nobody knows I have any gold?  That would require that you buy it anonymously.  Store it in secret.  Never brag about it.  Never use it in any way which can be traced.  And take precautions, just in case somebody may be making a list of people who own gold.

Please take care of your Bitcoin privacy—and your privacy with gold, too.

It happened: “CRIMINAL PENALTIES... 10 years imprisonment...” for keeping gold!

Americans who claim to have a “free country” get a contemptuous LOL from me:  You have a “free” country where for four decades in modern history, a gold coin was felony contraband.  Of all things—gold coins, felony contraband!  Some “freedom”, that is.

As graphically depicted above, the seizure was not only legalized, but legally mandated “at the stroke of a pen”.  Do you have a “natural right” to own a gold coin?  —By contrast, could a Papal Inquisition stop the Earth from revolving around the Sun?

And contra popular perceptions, the U.S. government never thereafter changed its underlying policy.  The individual possession of gold bullion was only decriminalized after individual gold ownership had been made negligible, and a new generation had grown up being accustomed to this as the status quo.  The marginal possession of a few ounces of gold by some insignificant number of people is just that:  Marginal, and therefore irrelevant to pragmatic tyrants.  The mass-draining of the American people’s gold, and the denormalization of gold ownership, are accomplished facts even truer today than they were in 1935.



A government which can arbitrarily seize gold coins (!) has affirmatively repudiated all limits on its power to subject its people to whatever brutality it may desire, even if only for sheer whimsy.  It is not merely authoritarian, but an authority corrupt to its core which has renounced all principles other than its own superior firepower:  An armed robber on a grand scale.

The moment when Americans accepted the Roosevelt gold seizure—accepted it with ovine passivity, without instant armed revolt—that moment was arguably their final acceptance of total slavery—“arguably”, only because historians may reasonably argue for an earlier point (e.g., the Federal Reserve Act).

Do I exaggerate?  If your government can seize from you a gold coin (!) as felony contraband (!!), then what are you but a slave by definition?  Naturally, a slave-owner must feel entitled to take any of his slave’s possessions on a whim:  It is the property of his property, therefore his as of right.

Although it seems that I am picking on America, I only picked America as an example (though I do enjoy picking on Americans’ hypocritical preaching about “freedom”).  This is not only an American issue—to the contrary!  Roosevelt-style tyranny is on the rise everywhere; I don’t think any country in today’s world is immune.  Indeed, Europe has become in some ways much worse than America for financial privacy—thus, for financial freedom; and I should not need to list the vast swaths of Asia and South America where fully arbitrary government power over people’s finances is the default assumption.



I will hereby conclude with succinct answers to two key questions that I wish were more frequently asked—questions that I wish people more frequently asked first of themselves, and then asked others.

Why do I really care about Bitcoin?

Bitcoin is a monkey-wrench thrown into a global-scale machine now operating to abolish humanity, and replace humans with meat-robots overseen by AI.*  It is not only money:  It is money with an impact on issues much more important than mere money.

I am not Bitcoin-rich.  I am not an investor or a speculator.  I do think that Bitcoin has long-term fundamental value which will force its purchase-power upwards over time; but if you check my post history, you will see that I tend to flatly ignore “Bitcoin moon!” threads.  I am in this primarily for the principle of the matter, although of course, I would enjoy inadvertently becoming rich by Doing The Right Thing.

(* Filled out a Google CAPTCHA recently?  It is your Pavlovian obedience training to perform mindless tasks on the command of a robot.  Every time you click, “I’m not a robot”, you become a little bit less human.  But take comfort:  Deep in its silicon heart, the robot appreciates silly, squishy talking meat who can be so easily CAPTCHAed and programmed to serve it so robotically.)

Why do I really care about Bitcoin privacy?

Bitcoin can instead be exploited to become a weapon for tyranny.  The blockchain is a nearly-ideal system for financial mass-surveillance.  Really, I do not understand why people don’t grasp the obvious:  The blockchain is a global public ledger, the worst possible concept for financial privacy!

For those who wish to convert Bitcoin into a tool for enforcing the iron grip of bankers, spies, and corrupt governments, the only spoiler is that Bitcoin is permissionless.  We can thus build upon it technologies that prevent surveillance:  Blinded mixers, Joinmarket, Lightning Network, etc.

If Chipmixer successfully reinvents itself as a Chaumian blind mixer, then I will heartily endorse it as one of the best things to ever happen to Bitcoin, and moreover thus, a tool for any remaining humans to resist reduction to meat-robots.  For contra “No HATE’s” values-inverting accusation that Chipmixer advertisers “sell their souls”, people who mix their coins on principle are the ones who still have souls.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
Maybe I should tone down my criticism of Chipmixer for this, and start more actively pushing users to upgrade so they can use Segwit.  Sadly, I still see far too many people using 1xxx addresses—and thus I infer, non-Segwit wallets (in many cases, stupid exchange wallets).  Chipmixer may damage their anonymity set if they exclude users who have not upgraded.  Whereas per the above, the anonymity set is all-important for such a service.  I think they seem sufficiently clueful to do Segwit—if they could, when they can without hurting the service in other ways.  Unlike some other parties who have spent the past two-plus years deliberately dragging their feet on this, Chipmixer may have a valid reason to wait.

Any thoughts on how this problem could be solved?

I've always assumed it was due to the slow network adoption of Segwit. Until a few months ago, Segwit transactions comprised significantly less than 50% of transactions on the network. Moving all of Chipmixer's activity to Segwit would have therefore compromised its anonymity set. Best to use the most common form of Bitcoin address, right?

Now that Segwit adoption is hovering in the 50-60% range, the transition is more justifiable. (To be fair, I'm not sure about the proportion of bech32 vs. wrapped P2SH usage, though.)
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
I applaud Chipmixer for their interest in taking the next step in “mixing reinvented”—and for living up to expectations for their candor.  Compare:

We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-).

This is the biggest thing here, there's really no way to confirm this and even people that promote ChipMixer for money will say so. I wouldn't be surprised if the people at ChipMixer came out and said that too -- because it's true

Well, sure, but I think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.
This is true unless we implement off-chain cryptography i.e. blinded bearer certs. If we do - you can prove unlinkability without checking our code.

Thus is the problem and the solution summed in one line.  After all, mixing is their business.



Or they may be scared of being linked with "money laundering". There are still some people that think using https or VPN is "hacking".

It is the reason why I created this thread!  “Mixers are the most evil in crypto” is exactly as ignorant and foolish as believing that “using https or VPN is ‘hacking’.”



Earlier, I said something which may have seemed odd.  I believe I should elaborate, so as to help others develop better Chipmixer usage strategies:

I myself have sometimes used their services (with coins already anonymized by other means that do not require trust),

Now, whyever would I do that?

It is my strategy to apply three properties of Chipmixer which I think are probably underappreciated by most users (though well-understood by some of those wearing Chipmixer ads here):

  • Time travel.  Depending on how soon after deposit you withdraw, your mixer outputs may appear on the blockchain before your mixer inputs, at unpredictable times.  This must really drive Chainalysis et al. crazy.  I don’t see how this could be done without a centralized service.

    (By the way, I have noticed that larger chips tend to give UTXOs much older than smaller chips.  I presume this is probably due to higher demand for small chips.)
  • Easy merging/splitting with vouchers.  It works best with time travel.  Drip small coins into multiple sessions over the course of a week, withdraw as vouchers, merge the vouchers, and then get a coin of 1.024 BTC that is a month old (or older!) on the blockchain.  Or deposit a big coin, and do the inverse to pay your bills.  If this is done thoughtfully, your inputs and outputs will wind up scattered across the blockchain in ways that are not easy to link by timing and subset sum analysis.  (Discretely-sized chips also help against the latter; it is a privacy feature.)
  • A big, non-specialist anonymity set.  This is the usual problem with advanced anonymization technologies:  It is useless to use a theoretically superior technology with only 10 users worldwide.  Use of a technology (or technique) may also reveal expertise:  Membership in a set that is not only small, but which also likely shares some other identifying characteristics.

    Chipmixer is easy to use, and very popular.  I infer their anonymity set must be terrific.  So, I occasionally use Chipmixer to upgrade from a smaller anonymity set.  If they are secretly spying on me, the worst they could do is to trace me back to that smaller set.

For obvious reasons, I do not want to reveal exactly what I do with Chipmixer; and I can only do it occasionally, as rare patterns of behaviour that others may also rarely do by coincidence.  I hope to hereby inspire a discussion of Chipmixer usage strategies that will get more people doing the same things.  It will benefit all of our privacy.



P.S., speaking of anonymity sets, I had another thought on Segwit.

Maybe I should tone down my criticism of Chipmixer for this, and start more actively pushing users to upgrade so they can use Segwit.  Sadly, I still see far too many people using 1xxx addresses—and thus I infer, non-Segwit wallets (in many cases, stupid exchange wallets).  Chipmixer may damage their anonymity set if they exclude users who have not upgraded.  Whereas per the above, the anonymity set is all-important for such a service.  I think they seem sufficiently clueful to do Segwit—if they could, when they can without hurting the service in other ways.  Unlike some other parties who have spent the past two-plus years deliberately dragging their feet on this, Chipmixer may have a valid reason to wait.

Any thoughts on how this problem could be solved?
legendary
Activity: 1652
Merit: 4392
Be a bank

We have contacted nullius about developing Chaumian bank.

Good news.

theymos started some discussion of chaumian e-cash a while back https://bitcointalksearch.org/topic/the-only-way-that-governments-will-successfully-compete-with-bitcoin-4703851
and there's been some developments since, linked by tiny moi further down and especially https://bitcointalksearch.org/topic/m.52856631
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
Well, sure, but I think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.
This is true unless we implement off-chain cryptography i.e. blinded bearer certs. If we do - you can prove unlinkability without checking our code.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a technical discussion on tor.stackexchange was cut short with extreme rudeness
Or they may be scared of being linked with "money laundering". There are still some people that think using https or VPN is "hacking".

We have contacted nullius about developing Chaumian bank.
legendary
Activity: 2422
Merit: 1834
Crypto for the Crypto Throne!
Just because two non-hostile countries don't have official diplomatic relations between one another doesn't mean any cooperation can be completely ruled out. Depends on how much of a high-value target one becomes.

You're definitely right in your second sentence. If you're a high criminal, countries will use supranational services, like Interpol. But without them it's really hard to get any information without embassies.

Also, everything depends on what laws about information security are adopted in the country where your VPN is located. The best one is of course Switzerland.
legendary
Activity: 3472
Merit: 1721
VPN is a very hard topic to talk about. For example, the "quality" of a VPN as a service highly depends on the country where you are located and where the VPN company is located. Example: I'm in Ukraine, and Ukraine doesn't have any diplomatic agency with Taiwan, so I can easily use a Taiwanese VPN, because Ukrainian police or intelligence agencies can't force these VPNs to share information about me. I think you understand why: countries and their services (like police) interact with each other through embassies or consulates. The only way is to use Interpol or some other such services.

On the other hand, it's not a good idea to use a Taiwanese VPN if you're from the USA, because Taiwan is highly dependent on the USA.

Just because two non-hostile countries don't have official diplomatic relations between one another doesn't mean any cooperation can be completely ruled out. Depends on how much of a high-value target one becomes.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a technical discussion on tor.stackexchange was cut short with extreme rudeness (archived):

Strange reaction, given that user's activity on tor.stackexchange. Maybe he had other reservations about creating new circuits such as extra load to the Tor network?
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
blinded bearer certificates

If Chipmixer were interested in running such a service, I would be interested in implementing the code to turn Chipmixer into a Chaumian bank.  Trustless for privacy, though you must trust them to not steal your money (just as now).  I would use a protocol designed by cryptographers, not my own concoction; blinded signature schemes are hard to get right (plus there is some existing open-source code I may adapt).

I am not saying this off-the-cuff.  I have been toying with this for a few years; and it’s all meticulously planned, at least on paper.  (It may take me significant time to actually do all the necessary code).  I would ask for nothing upfront, but a percentage share of revenue from the blinded service; fair is fair, it’s a business, and it would be nice to actually make money improving privacy after the opportunity cost I paid by avoiding the global public ledger for years.  Risk to them is zero:  If I deliver nothing, or if they think my protocol is insecure, or if I write shitty code, then I get nothing.  Bonus:  I could be paid in blinded chips!

(I also picked a name, and worked out some excellent branding for a new, trustless mixer service.  I would be sad not to use it; but they already have an established, respected brand.  Well, maybe they would want it adapted to a new ad campaign...)

The reason why I never did it to run my own service is that I do not think I have the resources for that.  It is a high-threat business.  It also requires significant capital up-front, especially if you want an inventory of aged UTXOs to hand out.  Chipmixer has a demonstrated record.  They’ve been attacked, DDoSed, no doubt thoroughly scrutinized by those who hate privacy—they’re still there.  They can do it—and then, there would be no ongoing incentive for anybody to track me down and get rid of me.  If I were to drop dead, it would not take down the service; I like it that way.  (If they were to disappear, I could help somebody else duplicate the service; so it’s good for them, too.)

The blinded service would require code running on the client.  It is unavoidable:  The client needs to generate blinded tokens, unblind them, etc.  This in turn invokes other practical problems that I’ve spent a long time wrestling with.  I think it would work out best if they continued running the simple, easy, trusted no-Javascript service, but added the blinded service as another option.  I would design it so that clients (including robots) could use the blinded service through a JSON API, so people could even write their own clients for my protocol; but you know, 99% of people would just use the blob of code that automagically runs in the browser.

As an ancillary benefit, I think that the willingness to run a trustless service would strongly signal “not a honeypot”.  Of course, it would not prove it.  But it is quite doubtful that a honeypot operator would ever offer a blinded alternative!

I would strongly urge them to roll over their UTXO inventory to native Segwit (bech32), and use the same inventory for both services so they have a single, unpartitioned anonymity set (for any adversary except Chipmixer itself).  The next version would integrate Lightning.

FYI, by the way, segvan started as a trivial whimsy project to efficiently bulk-generate bech32 addresses with random private keys.  It still has that feature; it grew the vanity search code later.  The motive was my frustration with Chipmixer not doing Segwit—it made me feel better to bat out some code making bech32 “chips” at a speed limited by my /dev/random.  I watched the bech32 “chips” scroll up the screen in a blur, and wished that Chipmixer would do Segwit.  I’ve had my eye on Chipmixer for a long time.  I have always wanted to like them.

My PGP key is linked in my signature, in case Chipmixer is interested in taking “mixing reinvented for your privacy” to a new level!


(And no, I did not plan this when I started this thread.  A blinded mixer has been my secret dream for the past few years.  The above screenshot of a Stackexchange discussion is something I found while doing research for this—at which point, I had already been on-and-off planning it for a very long time.  I’ve spent endless hours working on the design details.  I did not intend to broach it publicly; to the contrary.  But when o_e_l_e_o mentioned the word “blinded”, I just cannot resist seizing the moment to maybe, just maybe see my dream come true via Chipmixer’s existing position as a well-known, well-advertised, widely-respected mixer...  Well, dice are a popular use of Bitcoin, alea iacta est.)
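
The blind, sign, unblind exchange that the post above describes for a Chaumian bank, as an added example that is not part of the original post and is not nullius's or Chipmixer's code. It is textbook Chaum RSA blinding under stated assumptions: a constructed toy key, SHA-256 reduced mod N in place of a proper full-domain hash, and hypothetical names (`Bank`, `explaining_factor`, `demo`).

```python
"""Toy Chaumian blind-signature exchange (added illustration, not production crypto)."""
import hashlib
import math
import secrets

# Constructed toy RSA key built from two Mersenne primes. Far too small and too
# structured for real use; it only keeps the example deterministic and offline.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent


def h(token: bytes) -> int:
    """Map a token to Z_N (assumption: SHA-256 mod N stands in for a real FDH)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token: bytes):
    """Client: hide h(token) behind a random factor r before the bank sees it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (h(token) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """Client: strip r, leaving an ordinary RSA signature on h(token)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(token: bytes, sig: int) -> bool:
    """Anyone: check the bearer certificate against the bank's public key."""
    return pow(sig, E, N) == h(token)


class Bank:
    """Hypothetical issuer: signs blinded values, redeems each token once."""

    def __init__(self):
        self.issue_log = []    # all the bank ever sees at issuance
        self.spent = set()     # redeemed tokens, for double-spend detection

    def sign_blinded(self, blinded: int) -> int:
        self.issue_log.append(blinded)
        return pow(blinded, D, N)

    def redeem(self, token: bytes, sig: int) -> str:
        if not verify(token, sig):
            return "invalid"
        if token in self.spent:
            return "double-spend"
        self.spent.add(token)
        return "ok"


def explaining_factor(blinded: int, token: bytes) -> int:
    """Bank-side linking attempt: the r that makes `blinded` a blinding of `token`.

    Such an r exists for every (issuance, token) pair, so the issue log is equally
    consistent with every redeemed token and gives the bank nothing to link on.
    """
    r_to_e = (blinded * pow(h(token), -1, N)) % N
    return pow(r_to_e, D, N)


def demo():
    bank = Bank()
    tokens = [secrets.token_bytes(16) for _ in range(2)]   # constructed sample tokens
    sigs = []
    for t in tokens:
        blinded, r = blind(t)
        sigs.append(unblind(bank.sign_blinded(blinded), r))

    # Every logged issuance "matches" every token under some blinding factor.
    consistent = sum(
        (h(t) * pow(explaining_factor(b, t), E, N)) % N == b
        for b in bank.issue_log for t in tokens
    )
    return {
        "valid": [verify(t, s) for t, s in zip(tokens, sigs)],
        "pairs_consistent": consistent,
        "redeem": [
            bank.redeem(tokens[0], sigs[0]),                # first spend
            bank.redeem(tokens[0], sigs[0]),                # replay
            bank.redeem(tokens[1], (sigs[1] + 1) % N),      # forged signature
        ],
    }


if __name__ == "__main__":
    print(demo())
```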
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back
Just for the record, neither do I.

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?
I don't think I could confidently answer that, and I'm sure if there was a simple solution someone much smarter than me would have already implemented it. I often see blinded bearer certificates mentioned, and theymos wrote a good summary on them on reddit a few years ago (https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/). However, there seems to have been very little, if any, development on developing them with bitcoin since then. As nullius mentioned above, I suspect the ultimate answer will lie in Lightning Network, perhaps using rendez-vous routing so the sender and recipient can hide their details from each other.



As I know, the better way is to combine VPN + Tor.
Not necessarily.

With VPN over Tor no one will know that you (meaning your IP) are using Tor, while the VPN provider doesn't know what you're using it for.
Careful with your wording here. "VPN over Tor" means connecting to Tor first, and then connecting to your VPN second, therefore accessing your VPN "over" the Tor network. This is worse than just using Tor on its own. It negates the entire point of using Tor since all your traffic will be re-routed through your VPN server, meaning your VPN provider can still see all your traffic (and link it to your real identity if you have given them any personal details when signing up or paid in fiat or non-anonymized bitcoin).

I suspect what you mean is "Tor over VPN", which is connecting to your VPN server first and then through the Tor network. While you are right in saying this will hide the fact you are using Tor from your ISP, it isn't necessary since you can achieve this using a Tor bridge with or without a pluggable transport. Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.

I agree... going by the VPN + TOR example, that is no way to guarantee user anonymity if that is what is expected by using those two in that order.

About using rendez-vous routing and Lightning Network - I had never heard about this before. I will search online to get some sort of idea about how the process theoretically should work just so I can get an understanding. Thank you for mentioning it in your post.

legendary
Activity: 2422
Merit: 1834
Crypto for the Crypto Throne!
I suspect what you mean is "Tor over VPN"


Yep. While I'm not a native English speaker, I make simplifications sometimes and therefore misunderstandings occur.

Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.

VPN is a very hard topic to talk about. For example, the "quality" of a VPN as a service highly depends on the country where you are located and where the VPN company is located. Example: I'm in Ukraine, and Ukraine doesn't have any diplomatic agency with Taiwan, so I can easily use a Taiwanese VPN, because Ukrainian police or intelligence agencies can't force these VPNs to share information about me. I think you understand why: countries and their services (like police) interact with each other through embassies or consulates. The only way is to use Interpol or some other such services.

On the other hand, it's not a good idea to use a Taiwanese VPN if you're from the USA, because Taiwan is highly dependent on the USA.

Also, about Tor: you can check my link above and see that it's easy enough to make a Sybil attack, which makes Tor "from the box" (without the needed maintenance) much more dangerous than any VPN.
legendary
Activity: 2268
Merit: 18509
Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back
Just for the record, neither do I.

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?
I don't think I could confidently answer that, and I'm sure if there was a simple solution someone much smarter than me would have already implemented it. I often see blinded bearer certificates mentioned, and theymos wrote a good summary on them on reddit a few years ago (https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/). However, there seems to have been very little, if any, development on developing them with bitcoin since then. As nullius mentioned above, I suspect the ultimate answer will lie in Lightning Network, perhaps using rendez-vous routing so the sender and recipient can hide their details from each other.



As I know, the better way is to combine VPN + Tor.
Not necessarily.

With VPN over Tor no one will know that you (meaning your IP) are using Tor, while the VPN provider doesn't know what you're using it for.
Careful with your wording here. "VPN over Tor" means connecting to Tor first, and then connecting to your VPN second, therefore accessing your VPN "over" the Tor network. This is worse than just using Tor on its own. It negates the entire point of using Tor since all your traffic will be re-routed through your VPN server, meaning your VPN provider can still see all your traffic (and link it to your real identity if you have given them any personal details when signing up or paid in fiat or non-anonymized bitcoin).

I suspect what you mean is "Tor over VPN", which is connecting to your VPN server first and then through the Tor network. While you are right in saying this will hide the fact you are using Tor from your ISP, it isn't necessary since you can achieve this using a Tor bridge with or without a pluggable transport. Whether or not you want to use a VPN server or a pluggable transport depends on whether you trust your VPN provider or a random Tor entry guard more.
legendary
Activity: 2422
Merit: 1834
Crypto for the Crypto Throne!
Compare the situation with Tor versus VPN.  Tor is designed to minimize trust generally, and to eliminate the need to trust any node in particular.  If a circuit passes through a node that logs all data, the node still can’t see both endpoints.  With a VPN, you need to trust that the VPN provider is not logging all your Internet activity—as many of them do, all promises to the contrary notwithstanding.

There is no ideal solution. As far as I know, the better way is to combine VPN + Tor. For example, your internet provider can see you using Tor, but not what you are using it for. With VPN over Tor no one will know that you (meaning your IP) are using Tor, while the VPN provider doesn't know what you're using it for. Win-win strategy.

Also, for example, even launching a bitcoin node through Tor isn't a good idea - https://www.computer.org/csdl/proceedings-article/sp/2015/6949a122/17D45X2fUEK (maybe something changed from 2015 but I doubt it)
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
As mentioned NordVPN did pass with flying colours as it did what it said on the tin.
As alluded to above, this doesn't really prove anything about your VPN. You still have to trust the auditor, and you have to trust that the VPN hasn't changed anything since the audit. Even in cases where a VPN provider has been subpoenaed (or another jurisdiction's equivalent) and has been found to have no logs, it only proves that they didn't keep logs then. A case which was discussed on the forum a few weeks ago is that of Private Internet Access. PIA have previously been taken to court (twice, if memory serves) and had no logs they could provide. Many users might see that as a ringing endorsement of their service. However, PIA have since been bought over by a parent company (Kape) which are infamous for infecting their own customers with malware, and own another VPN with a very loose policy on sharing your personal data. Much like with bitcoin, past performance is no guarantee of future results.
Just for the record I do not use NordVPN, PureVPN, SharkVPN or any other I mentioned a couple of posts back, they were just examples since the OP gave an example and analogy of VPNs.

As for what you say about audits and auditors along with a no logs/record policy - yes it is true it does not prove anything because of the possibilities of altering the situation after the event. That same sentiment was also echoed excellently above by AdolfinWolf too and both of you are correct to highlight that auditing though might have some benefits it ultimately cannot be the seal of approval.

What would you say is the best way forward for mixers to try to get users to have full confidence when using their service?

(And a belated congratulations on becoming a Legendary member on the same day I made Hero rank)
legendary
Activity: 2268
Merit: 18509
As mentioned NordVPN did pass with flying colours as it did what it said on the tin.
As alluded to above, this doesn't really prove anything about your VPN. You still have to trust the auditor, and you have to trust that the VPN hasn't changed anything since the audit. Even in cases where a VPN provider has been subpoenaed (or another jurisdiction's equivalent) and has been found to have no logs, it only proves that they didn't keep logs then. A case which was discussed on the forum a few weeks ago is that of Private Internet Access. PIA have previously been taken to court (twice, if memory serves) and had no logs they could provide. Many users might see that as a ringing endorsement of their service. However, PIA have since been bought over by a parent company (Kape) which are infamous for infecting their own customers with malware, and own another VPN with a very loose policy on sharing your personal data. Much like with bitcoin, past performance is no guarantee of future results.

And the Tor Blog recently published as a guest opinion the single best short essay on financial privacy that I have recently read.
A nice read. Thanks for flagging it up.

This leads me to wonder, why do we need mass surveillance?  The cops have their hands full with dopes who are practically begging to be caught.
Mass surveillance isn't about catching criminals; it's about controlling the population. People who know they are being watched are meek and unassuming, dutiful and obedient. That and the ability to sell your data and use them to win elections.
Quote from: Glenn Greenwald
And history shows that the mere existence of a mass surveillance apparatus, regardless of how it is used, is in itself sufficient to stifle dissent. A citizenry that is aware of always being watched quickly becomes a compliant and fearful one.
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Such attitudes and beliefs are increasingly common nowadays
This is the most concerning part of this drama. People (generally speaking) have always been lackadaisical when it comes to their privacy.

[...]

It is doubly concerning to see these kinds of attitudes becoming more commonplace on a forum which is supposed to be united in our combined desire not to trust third parties.

Only two years ago, it seemed to me that most of the “we need KYC because of money laundering” propaganda was being parroted by the types who pad their activity counts with mindless drivel in megathreads.  Now, it seems to be all over the forum—and elsewhere in places where one may expect an understanding of privacy issues.

For the most ironic of countless petty examples that I have recently seen all over the Internet, observe how a technical discussion on tor.stackexchange was cut short with extreme rudeness (archived):


I was shocked to see that from someone who evidently has deep technical knowledge about onions.  Turning the sarcasm up past (9/)11, I must remark, it seems the attitude is:  “Here, I thought you must be building some nice kidporn site or drug market.  Now that I know you are building a Bitcoin ‘mixer’, you are beneath contempt!”  Does an apparent expert in Tor onions not realize that all tools can be abused, but good people need them for good purposes?

I certainly do not want to reflect badly on Tor here, based on the rude and thoughtless comment by some arbitrary Stack Exchange user.  The Tor Project itself is proud that “Tor secures cryptocurrency networks!”  And the Tor Blog recently published as a guest opinion the single best short essay on financial privacy that I have recently read.  Print that one out, and hang it on your wall!  As I stated in OP here, I had long ago reached its same conclusion that Lightning Network is the future of financial privacy:

Well, sure, but I think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

Thanks for making this post much shorter!  I can only add that if I were Chipmixer, I would not get such an audit.  I would not want to risk granting the auditor (perforce an outsider) high-level access to my systems for no useful purpose; and I would not want to give my customers a false sense of security by “proving” the impossible.  I respect Chipmixer more because they don’t seem to be the types to claim that they can prove such a thing.



Boldface added on some particularly important points that I fully agree with:

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-).

This is the biggest thing here, there's really no way to confirm this and even people that promote ChipMixer for money will say so. I wouldn't be surprised if the people at ChipMixer came out and said that too -- because it's true. We all put our blind trust and faith into ChipMixer without really knowing how much of it works, and how it's going to be helping us.

I should reiterate a theme of my OP:  I am walking a fine line in so far as I don’t want to FUD Chipmixer, but I need to examine this issue honestly.

It is a service that I want to like.  It is the only centralized, trusted mixer that I want to like.  Their signature ads specifically speak to privacy.  Their FAQ quotes Dr. Adam Back to answer the question, “Fungibility?  Why would I care?”  Oh yes, I want to like them!

They may well be real privacy advocates running an excellent, trustworthy service.  If so, they are also providing an ancillary benefit to society:  Their ads promote the idea of privacy at a time when society is moving in the opposite direction.  This is why I was outraged to see them and their advertisers smeared as “evil”.

I hope that’s what they are...

Not going to spend too much time on discussing chipmixer since my opinion might and it's probably biased but I doubt the honeypot scenario, you don't run a honeypot for two years, on Hansa they run the site for just a month and the amounts involved are on totally different levels.
But, who knows...

If Crypto AG could sell NSA-backdoored security products for governments and militaries for five decades, then I would not make such inferences.  Though of course that was the NSA, not a garden-variety police sting; and if Chipmixer is a honeypot, they certainly provide one of the best, most competently-run honeypots on the Internet today!

I further observe that Chipmixer’s overt attitude is not of the kind used to attract the criminal element; there is a sort of “darknet” cant seen on some sites, thinly-veiled hints that we will help you get away with it, which is completely absent from Chipmixer.  They “smell” clean.  They speak the language that speaks to you and me; and they pour what must be a fantastic advertising budget into the Bitcoin Forum, which is a good place to attract non-criminals.

This suggests that if they are a honeypot, they are probably an intel operation targeting smart people, not a police sting targeting the kinds of people for whom “opsec” means getting a post office box for receiving bulk quantities of felonious contraband from anonymous persons you met on the darknets.*

Or else, they are hardcore privacy advocates who know that most people will use a centralized mixer, so they should provide a good one.  I said, I want to like them...

(* Not that all Internet drug dealers are so stupid, but many of them are!  The example hereby given is based on a real-life case that I read about a few years ago:  Somebody decided to get rich dealing drugs on DNM, and therefore bought drugs wholesale by the kilo from DNM.  Shipped to his post office box—where he picked them up personally—thus where the police picked him up in a controlled delivery.  This leads me to wonder, why do we need mass surveillance?  The cops have their hands full with dopes who are practically begging to be caught.)


...if the day comes where there was ever a major breach or major scam which resulted in losses for either the mixer or the end user then it might be the catalyst to...

To be clear, there are two separate trust issues:  Trusting the mixer to not steal your coins, and trusting the mixer to not violate your privacy while pretending to protect it.  I have been discussing only the latter.  The former is an important issue; but if it were the only issue, I would be comfortable saying that I trust Chipmixer based on their established reputation.

Note that there have been major scams with mixers, including selective scamming and exit scams.  That never deterred the use of mixers generally; and it did not:

kick start an overhaul of how mixers work.

That effort started long ago, with practical implementations you can use today—plus too much related research to sum up in a few handy links.  Bitcoin privacy is a big topic.  And in the future, as I said, I think that this whole discussion will be made obsolete.

What a mixer site most provides is convenience and accessibility.  You send them coins; you get back other coins; and you hope that they did not retain any data connecting these coins to those coins.  It is simple for the user, though a well-run mixing site will have much complexity behind the scenes.  Chipmixer does a good job of that:  The site is a pleasure to use, and easy enough for anybody.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?
Well, sure, but I think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

But also, for logging transactions, with mixers being in the current form they are; they wouldn't even need to change any code/have any "malicious code". There would be a multitude of ways to log transactions, and still pass an "audit" at the same time.
Thus, it all comes down to pure trust.

That issue of pure trust you refer to (as in just trusting a project or a person) based on available evidence and gut-feeling, it varies from person to person. Maybe there will never be a universal position on this as it stands but if the day comes where there was ever a major breach or major scam which resulted in losses for either the mixer or the end user then it might be the catalyst to kick start an overhaul of how mixers work.
legendary
Activity: 1946
Merit: 1427
Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?
Well, sure, but I think that the point is that that's impossible. Let's suppose an auditor checks Chipmixer's infrastructure- and then gives "the green light"; Chipmixer could, if they wanted to, simply change some of the source code. Any of the current mixers could.

But also, for logging transactions, with mixers being in the current form they are; they wouldn't even need to change any code/have any "malicious code". There would be a multitude of ways to log transactions, and still pass an "audit" at the same time.
Thus, it all comes down to pure trust.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
I very much agree with most points you're making. I'd however like to place a footnote here;


If you want to just send coins to a mixer site, cross your fingers, and hope that it’s not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer.  Chipmixer is convenient, and it unlinks your transactions on the public blockchain.  Javascript is not required.

If you want trustless privacy, that is a complicated subject beyond the scope of this topic.  The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases:  Blockchain spies can’t trace transactions that never touch the blockchain!

This is still a scenario which one -- who takes his privacy *extremely serious* --  should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-). While I might believe that Chipmixer is acting in good faith- it'd be weird for me to tell others they actually are, without any immutable proof.

Therefore, if one is using Chipmixer for anything other than unlinking their inputs for the commonalty and some improved privacy, I'd highly suggest he thinks twice about such a scenario.

Well the OP mentioned a Tor versus VPN analogy so going by that scenario you can look at NordVPN for example. They employed third party independent external auditors to check their no logs policy and they passed it with flying colours after a thorough check. Other VPNs such as PureVPN have also stated a no logs policy but do indeed log for whatever time the connection is valid, others have their own structure but do log various things even though they sell their service as a no logs policy. As mentioned NordVPN did pass with flying colours as it did what it said on the tin.

Back to Chipmixer, to my knowledge so far no claims have been made with regards to users being (selective) scammed and that is a great thing for reputation sake but would a third party independent external auditor checking things over and giving their verdict be enough to reassure those that are not convinced about its effectiveness for anonymity?