Trezor + Wasabi (cooperation with Chainalysis?)

Hello all,

I have one question about privacy with using Trezor. Trezor (SatoshiLabs) recently announced cooperation with Wasabi.
But here (YouTube: "#10 Pavel Ševčík - Jak je to v bitcoinu s tou “anonymitou”", time: 58:00), the guy says that Wasabi cooperates with Chainalysis. I see that as a huge violation of Trezor users' privacy.

Could you please comment on this issue?

Thank you very much for your answer.

Indeed. Wasabi and zkSNACKs are cooperating with chain analysis companies according to their blog.

Trezor team, can you please tell us why you chose to partner with individuals who advocate for censorship?

We understand that preventing certain UTXOs from entering a coinjoin is a sensitive issue. Our ultimate goal in supporting coinjoin is to provide individual users with an easy-to-use privacy tool.

We do not expose any new coins to a chain analysis company; the coinjoin coordinator run by a third party simply receives an existing risk score about the UTXOs entering the coinjoin. When UTXOs known to be connected to serious criminal activities attempt to enter a coinjoin, the coordinator simply refuses them. Nothing else happens.

We cannot check individual users’ activity, track it, or report on it since coinjoin is enabled via Tor, the anonymization network, and we also use block filters.

There is more information on how coinjoin works in our blog post on the topic here, including further information on how the coinjoin coordinator selects the inputs.

We practically cannot track or report users. Trezor’s coinjoin account uses block filters to mask the user’s wallet addresses and Tor to mask the user’s IP address. The process is one-way - we only receive information that has already existed anyway about the risk score of UTXOs entering coinjoin. This information is used for accepting/denying UTXOs to coinjoin and it is not used in the future for any purpose. This applies just to the UTXOs used for coinjoin, not to any other users’ coins.

I hope you understand that you’re incidentally (and unconsciously?) funding mass surveillance companies? Additionally, denying certain UTXOs from being mixed means you’re conducive to censorship, whether that’s done with good intentions or not.

You have a really good product, that is in favor of the Bitcoin ideals. Don’t take that path and ruin your principles.

There aren’t many CoinJoin providers, just Wasabi, JoinMarket and Samourai AFAIK. Samourai has a bad reputation after being criticized by CoinJoin’s inventor and others. JoinMarket currently depends on Makers and Takers to use Internet Relay Chat (IRC) to fill the orderbook.

There’s a good reason there aren’t many CoinJoin providers. It’s simply because anonymity increases within a large group. So if Makers and Takers spread out to many providers there’d be longer waiting times for transactions to complete and also potentially less anonymity.

Then there’s the problem with Sybil attacks, where one person pretends to represent a large group of people. So if you join this attacker then it’s just you two and anonymity is poor. I believe official authorities in the future may use investigators to perform Sybil attacks with previously confiscated Bitcoins for the purpose of exposing more “money launderers and tax evaders”.

However, there are proposals to mitigate some of these problems. One is to implement a Directory Server Scheme, similar to what Tor uses, to gather Makers and Takers. Another proposal is to integrate a c-lightning message layer in JoinMarket, using the Lightning Network. It could be combined with one or more Directory Servers.

I think the (near) future will enhance CoinJoin and provide even better privacy and ease of use. JoinMarket is maybe the solution that could “win” and become the sole provider in a decentralized network.

@Petosiris, Wasabi is also criticized. It was caught reusing addresses while mixing. But besides that, protecting your privacy and enhancing fungibility using a censoring tool is just wrong. Bitcoin is and should be viewed as censorship resistant.

Why didn’t Trezor go with JoinMarket? It does mitigate Sybil attacks using fidelity bonds as far as I’m concerned.

I understand that but as I mentioned above there aren’t many alternatives.

I don’t know, but I’d guess it was because JoinMarket requires users to also use IRC. It’d be wrong for SatoshiLabs to assume Trezor users would want to use IRC too.

But it’s very appropriate to have them paying for their own surveillance using zkSNACKs’ coordinator. Lmao.