Hi, I'm Yuval and I'm unhappy with the quote I gave (my fault, not Leigh's):
1. firstly, I said "you need" and that implies more than I wanted to - if you want to use Bitcoin, if you want to use CoinJoin, and you want to do it safely, there are things you have to know because the tech has limitations, the way I phrased it is confusing
2. What I meant about exchanges: if you share a deposit address from an exchange, especially an exchange that doesn't generate a fresh address for every deposit, especially if you share it publicly (e.g. on some profile) then the links become apparent: the exchange uses the address as a reference to identify deposits credited to your account, and they can see that on your profiles, people sending money to it can see what others are sending, and if the exchange ever gets hacked (a high probability) then your personally identifying information may be linked to those addresses.
You can your own wallet to generate unique addresses for each payment, and you can use some sort of privacy oriented wallet, currently they all use CoinJoin, to obscure the relationship barrier between these addresses and any deposit addresses you might use on an exchange if you forego using Bisq as discussed in the paper, but one point that was not emphasized enough:
3. CoinJoins are not risk free! They are easily identifiable on chain, so although they obscure the path between coins, they can be easily flagged, and some exchanges will close accounts and confiscate funds of users who are CoinJoining before depositing or after withdrawing
There are also some limitations with regards to being able to make private payments and handle change from CoinJoins, especially if you're trying to utilize every last sat.
If you want to use Bitcoin privacy tech and are unsure about the risks, benefits or how things work, feel free to get in touch with me and I will be happy to clarify about anything, I'm @mHaGqnOACyFm0h5 on twitter or nothingmuch@woobling.org by email, feel free get in touch and we can exchange info for an encrypted chat app I'm on a few of them.
Hi, I'm Yuval and I'm unhappy with the quote I gave (my fault, not Leigh's):
1. firstly, I said "you need" and that implies more than I wanted to - if you want to use Bitcoin, if you want to use CoinJoin, and you want to do it safely, there are things you have to know because the tech has limitations, the way I phrased it is confusing
2. What I meant about exchanges: if you share a deposit address from an exchange, especially an exchange that doesn't generate a fresh address for every deposit, especially if you share it publicly (e.g. on some profile) then the links become apparent: the exchange uses the address as a reference to identify deposits credited to your account, and they can see that on your profiles, people sending money to it can see what others are sending, and if the exchange ever gets hacked (a high probability) then your personally identifying information may be linked to those addresses.
You can your own wallet to generate unique addresses for each payment, and you can use some sort of privacy oriented wallet, currently they all use CoinJoin, to obscure the relationship barrier between these addresses and any deposit addresses you might use on an exchange if you forego using Bisq as discussed in the paper, but one point that was not emphasized enough:
3. CoinJoins are not risk free! They are easily identifiable on chain, so although they obscure the path between coins, they can be easily flagged, and some exchanges will close accounts and confiscate funds of users who are CoinJoining before depositing or after withdrawing
There are also some limitations with regards to being able to make private payments and handle change from CoinJoins, especially if you're trying to utilize every last sat.
If you want to use Bitcoin privacy tech and are unsure about the risks, benefits or how things work, feel free to get in touch with me and I will be happy to clarify about anything, I'm @mHaGqnOACyFm0h5 on twitter or nothingmuch@woobling.org by email, feel free get in touch and we can exchange info for an encrypted chat app I'm on a few of them.
Thanks for clarifying, Yuval! :)
This is an excellent article, and probably the best thing I've read all week.
Yuval has already warned users against using Wasabi https://www.youtube.com/watch?v=I4MXP5i5vIM&feature=youtu.be&t=1h33m50s
As for other serious issues (many unresolved) with Wasabi, they can be found here: http://5ruwr5gvqqlozkeetb547lqaglte5rornrcp4ykj3breqa5fncppw6id.onion/
that's not a fair summary of what i'm saying there