I have one question about privacy with using Trezor. Trezor (Satoshi labs) recently announced cooperation with Wasabi.
But here (YouTube: "#10 Pavel Ševčík - Jak je to v bitcoinu s tou “anonymitou”", time: 58:00), the guy says that Wasabi cooperates with Chainalysis. I see that as a huge violation of Trezor users’ privacy.
We understand that preventing certain UTXOs from entering a coinjoin is a sensitive issue. Our ultimate goal in supporting coinjoin is to provide individual users with an easy-to-use privacy tool.
We do not expose any new coins to a chain analysis company; the coinjoin coordinator run by a third party simply receives an existing risk score about the UTXOs entering the coinjoin. When UTXOs known to be connected to serious criminal activities attempt to enter a coinjoin, the coordinator simply refuses them. Nothing else happens.
We cannot check individual users’ activity, track it, or report on it since coinjoin is enabled via Tor, the anonymization network, and we also use block filters.
There is more information on how coinjoin works in our blog post on the topic here, including further information on how the coinjoin coordinator selects the inputs.
We practically cannot track or report users. Trezor’s coinjoin account uses block filters to mask the user’s wallet addresses and Tor to mask the user’s IP address. The process is one-way - we only receive information that has already existed anyway about the risk score of UTXOs entering coinjoin. This information is used for accepting/denying UTXOs to coinjoin and it is not used in the future for any purpose. This applies just for the UTXOs used for coinjoin, not for any other users’ coins.
I hope you understand that you’re incidentally (and unconsciously?) funding mass surveillance companies? Additionally, denying certain UTXOs from being mixed means you’re conducive to censorship, whether that’s done with good intentions or not.
You have a really good product, that is in favor of the Bitcoin ideals. Don’t take that path and ruin your principles.
There aren’t many CoinJoin providers, just Wasabi, JoinMarket and Samourai AFAIK. Samourai has a bad reputation after being criticized by CoinJoin’s inventor and others. JoinMarket currently depends on Makers and Takers to use Internet Relay Chat (IRC) to fill the orderbook.
There’s a good reason there aren’t many CoinJoin providers. It’s simply because anonymity increases within a large group. So if Makers and Takers spread out to many providers there’d be longer waiting times for transactions to complete and also potentially less anonymity.
Then there’s the problem with Sybil attacks, where one person pretends to represent a large group of people. So if you join this attacker then it’s just you two and anonymity is poor. I believe official authorities in the future may use investigators to perform Sybil attacks with previously confiscated Bitcoins for the purpose of exposing more “money launderers and tax evaders”.
However, there are proposals to mitigate some of these problems. One is to implement a Directory Server Scheme, similar to what Tor uses, to gather Makers and Takers. Another proposal is to integrate a c-lightning message layer in JoinMarket, using the Lightning Network. It could be combined with one or more Directory Servers.
I think the (near) future will enhance CoinJoin and provide even better privacy and ease of use. JoinMarket is maybe the solution that could “win” and become the sole provider in a decentralized network.
@Petosiris, Wasabi is also criticized. It was caught reusing addresses while mixing. But besides that, protecting your privacy and enhancing fungibility using a censoring tool is just wrong. Bitcoin is and should be viewed as censorship resistant.
Why didn’t Trezor go with JoinMarket? It does mitigate Sybil attacks using fidelity bonds as far as I’m concerned.