Every Samourai wallet supporter should listen go my podcast episode with nostr:npub1pww7030g95nv9ptfpgfu69jpfxj6pm33xxueztsupwekce45wx4sm6en60
If you don't have the patience to sit through a 3-hour recording, I've added timestamps.
Just skip to 00:42:46, you will learn something new today.
Now also available on Spotify & whatever!
False equivalence, asinine assessment. The user could have just spent from their post-mix wallet but instead re-used addresses from their pre-mix wallet and consolidated. The user had to deliberately choose to do this by fetching pre-mix wallet addresses and manually paste them to the post-mix wallet.
Comparing intentional and deliberately retarded user behavior to Wasabi which has symmetric address re-use (same address on the input & output sides of the mix) as well as systemic address re-use (mix outputs sent to previously used change addresses) without any unexpected user behavior triggering the failure demonstrates your continued efforts to misguide and confuse people. You're deplorable and I encourage you to do the world a favor and delete your podcast.
Or, the user could have just used Wasabi instead of Whirlpool so they wouldn't have created toxic change in the first place? Why are you ignoring the solution?
As I mentioned, there is a non-zero chance Wasabi's systemic address re-use vulnerability will send a mixed output to a previously used change address, that's one reason choosing Wasabi would have been a poor choice. Another is that there is also a non-zero chance that Wasabi's symmetric address reuse vulnerability will include the same address on both the input & output sides of the mix. Additionally, fees paid to Wasabi helped support chain analysis companies; utxos are ground to dust if left to CoinJoin for too long; and now that ZKsnacks' coordinator liquidity has been broken up among several new coordinators, users can enjoy dancing with themselves in shallow liquidity pools that offer no practical anonymity benefits.
Further more, the existence of doxxic change makes no difference when a user is intentionally sending all their outputs to their pre-mix wallet (of all places) and then consolidating them. To even achieve what you've demonstrated the user would have to put in considerable effort to make such a mess of things.
Your example is one of intentionally destructive user behavior and this entire exercise has demonstrated that you are purposefully attempting to misguide people and/or you have little to no grasp on the subject. Despite your inability to identify that example as a blatantly obvious and intentional maneuver to consolidate outputs, you chose to confidently use it as an example to equate the vulnerabilities in one wallet with the deliberate choices made by the user in another wallet. The fact that you have been engaging in tactics such as this for years is disturbing and the fact that you continue to do so after the Samourai Wallet coordinator has been shut down is deranged.
t-y fren, another rabbithole for 2many that is a harder 1 to explain. appreciate econoalchemist!
I can reply to your wall of text, but it seems you are confused. Here's 3 different instances of address reuse in Samourai:
Samourai coordinator address reuse: https://x.com/Kruwed/status/1735129375001968838
Samourai toxic change address reuse: https://x.com/brian_trollz/status/1559018534675644418
Samourai postmix address reuse: https://x.com/SamouraiWallet/status/1283145015124996098
If you could then you would have but you can't because you're out of your depth. None of your examples are the result of address re-use in the CoinJoin. Unlike Wasabi's systemic & symmetric address re-use vulnerabilities which both occur in the CoinJoin transaction.
To clarify further: in your first example above, the coordinator fee is provided during the tx0 transaction while the wallet is setting up for and prior to the CoinJoin transaction. Tx0 transactions have obvious on-chain fingerprints and I fail to see how identifying the address used by the coordinator to collect the fee has any bearing on the anonymity of the user.
In your second example, the re-used address was also re-used in a Wasabi CoinJoin tx so that doesn't help your case but more importantly, when it was re-used by Samourai, it was in the tx0 - not the CoinJoin transaction. Additionally, based on the comments in that thread, the wallet was imported to Samourai and admittedly wasn't fully synced.
Finally in your third example and like the others, this was not a case of address re-use in the CoinJoin transaction (unlike Wasabi) but rather limited occurrences of address re-use in post-mix spending tools like Stowaway, Stonewall, & Stonewallx2. As explained in Samourai Wallet's write up of their investigation into the reported issue: not nearly as many addresses were effected as originally claimed and for good measure Samourai Wallet introduced Strict Mode after this report to mitigate unintentional address re-use by the users when transacting with post-mix spending tools.
Despite your efforts to equate Wasabi's address re-use vulnerabilities to Samourai Wallet, you have come up short yet again.
What year is this?
Says the guy publishing podcasts about an inactive CoinJoin implementation 🙃
"Inactive"? Do you have a full node to verify that? My coinjoin coordinator does far more volume than Samourai's ever did: nostr:nprofile1qqsw23lc30574v5ng0mjq56kdpnkw6vhuzcdnzp6d0dqntzt8utecccpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgjwaehxw309ac82unsd3jhqct89ejhxqg5waehxw309aex2mrp0yhxgctdw4eju6t07rmfmt
So since you are aware of all of Samourai's address reuse bugs, then please explain to me why anyone would want to create "toxic change" instead of becoming fully untraceable? The WabiSabi protocol solves the "peeling chain" privacy leak that is produced by the Whirlpool protocol: https://x.com/ErgoBTC/status/1181573118810361856
First of all, you have failed to demonstrate any Samourai Wallet "address reuse bugs" that can be equivalently compared to the systemic & symmetric address re-use vulnerabilities in Wasabi although you claimed them to be equivalent on Vlad's podcast. Second, I do not claim to be "aware of all", I have merely responded to your shitty and misleading examples.
Doxxic change in Samourai Wallet is not part of the CoinJoin tx, it comes from the setup tx (tx0) and is separated afterwards, never entering a CoinJoin round.
As for Ergo's tweet, when he says "unmixed" change, he's talking about change that comes out of a Wasabi CoinJoin tx, change that doesn't match the mixed like-amount outputs. These change outputs are far from untraceable and have been the downfall of many users. Take for example, this video where Samourai Wallet demonstrates how easy it is to unwind a Wasabi CoinJoin transaction featuring a systemic case of address re-use. Take special note of the keywords "unmixed change" in the video's caption, which sates: "The 25 BTC unmixed change went to the same address as a 0.401 BTC mixed output. User didn't do this address reuse, the client did."
>First of all, you have failed to demonstrate any Samourai Wallet "address reuse bugs" that can be equivalently compared to the systemic & symmetric address re-use vulnerabilities in Wasabi although you claimed them to be equivalent on Vlad's podcast.
Why can't they be compared? I just compared them didn't I? Your comment that Whirlpool's toxic change outputs and coordinator fee outputs already have such terrible privacy that it doesn't make any difference whether or not the addresses are reused doesn't help your argument, it hurts your argument.
>As for Ergo's tweet, when he says "unmixed" change, he's talking about change that comes out of a Wasabi CoinJoin tx
Okay, and when I say "unmixed" change I'm talking about the change that comes out of a Whirlpool tx0.
Now that we are both on the same page, please explain why you wouldn't just solve the problem of unmixed change like Ergo suggested by never creating it in the first place? I even opened a Gitlab issue in Samourai's wallet for doing this: https://web.archive.org/web/20231025112756/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/461
You could also compare apples to oranges but you would still look like a fool.
Let's not sidetrack the conversation with metaphors: What do you think of my Samourai Improvement Proposal? https://web.archive.org/web/20231025112756/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/461
how do I
as a user,
calculate the entropy gained by a wasabi CJ?
because if a tool doesn't have reproducible behavior
how can I put trust into it?
Not sure what you are looking for with 'entropy', but you can use this open source tool to measure the anon sets of WabiSabi coinjoins with 150+ inputs: https://github.com/turbolay/WabiSabiAnalyzer
