Discussion
Wasabi demixed again?
Apparently
its just amount and timing correlation, theres no assertion that there was any problem with the CJs themselves.
No, that's not the story.
The problem mentioned affects any coinjoin implementation.
Thanks for sharing
Any settlement technique that attempts to obtain anonymity must randomize timing sufficiently to prevent cohort clustering like this.
Interesting doc. Obviously you have to get past the "proprietary techniques" blatant self-promotion that is typical of these guys, as well as the constant "Russian" "high-risk" language designed to ping high $ value government contracts, but at root the story they're telling is a familiar one: criminals trying to move high amounts of money through coinjoin find both a kind of success and a kind of failure: the success is, they can find a way to move the money before it gets found, basically it's usually through exchanges that aren't doing the whole "coinjoin flagging" thing. It's still never going to be easy for them to convert it to something in the real world, but it's at least possible this way. The bad side is that the pattern of usage "take a huge chunk of coins and put them in
You can just open lightning channels with your funds. FixedFloat.io and flyp.me both support lightning.
Anyway, these claims of "common wallet characteristics" are likely to be bullshit. Lots of people use the same wallet software. It's also entirely unnecessary for the people doing the coinjoins to use other wallet software – Wasabi is a perfectly good wallet.
Yes the wallet fingerprinting stuff sounded kind of crap/BS. But if you asked them they'd just say "oh yes but our system is much more sophisticated than that; we can't tell you more because it's proprietary". And while *that* is BS, it's also true that the principle of multiplicative/compounding on fingerprinting is unreasonably powerful (see: browser fingerprinting etc.).
I strongly agree that LN is an exceptionally good tool for privacy despite its (imo heavily overblown) limitations. But my general comment was about the "move large amount through anon technique X" and that comment very much applies to LN too.
I guess your "Wasabi is a perfectly good wallet" was more aimed at the article than at my comment about it, but yeah, I agree that this is not evidence against Wasabi's utilty.
isn't the problem with LN as a privacy tool that you would never know if it's privacy assurance was broken? not being an l1 it's not designed to function in the open and if a third party is accumulating information ( IE routing nodes are colluding ) you would never know.
strong privacy assurance is like bolt12, blinded paths and MPP still drastically reduce the UX and ability to move funds.
I agree it's good privacy at the moment. but isn't it just because nobody's looking?
I think you make a very fair point that the practical reality of privacy on LN today is a lot better than it would be under fully adversarial conditions. There are some glaring weaknesses as people like Matt Corallo will point out. But it will get better with increasing volume, and if we ever get ptlc. And being a *real* L2, warts and all, it has great properties for everyday small scale use.
this is a good way to put it.
Another proprietary technique eh?