I will reply to his claims today.

Also, my tone with the previous post was uncalled for, apologies on that. I've just spent so much time trying to engage with him to only run into the same things it's very tiresome.

Either way my tone was unnecessary.

He didn't debunk anything, he just ree'd into the void with vague nonsense.

He could have replied if he wanted to debunk anything, instead he just repeated his angry rants.

I've long since decided not to waste my time entertaining his fantasies, many more important things to do in life.

No clue 🤷‍♂️

Sadly he blocked me a long time ago for an unknown reason, would love to talk to him 😢

Glad to hear it, check out Sparrow Wallet if you're wanting a desktop app, implements the Samourai Wallet privacy tools in an intuitive and approachable way!

Easy takeaway is here:

> tl;dr: Keep using Samourai Wallet or Sparrow Wallet for Bitcoin privacy, the holistic toolkit they've built is beyond compare and has a proven track record of efficacy.

Longer form is that Wasabi Wallet has critical issues and should (still) be avoided IMO.

I don't doubt that many people will sooner or later with how piss poor key management has been so far.

Way too much pasting of private keys into random clients 😅

Reposted to Nostr, good reminder!

Realized I forgot to post it here as well, so much easier in one big post in Nostr 😁

#[3]

A post on Wasabi Wallet and their new protocol, WabiSabi after more digging/research:

First off, please do not connect my joining their Space last week or researching their protocol as lending *any* credence or support for their approach or wallet. I still do not recommend using it in any way.

Digging into WabiSabi has revealed some core issues that should prevent you from considering using it. Note this list is not in any particular order.

1) Wasabi's funding and willing usage of chain surveillance companies puts your on-chain data at risk when you use them.

This usage of CA could not only lead to harming your privacy directly, but could also easily be turned into a honeypot where "bad inputs" automatically get sent to mix with only Sybil inputs, providing 0 privacy but not showing that in your client.

Easy surveillance.

2) WabiSabi as a protocol is only a tool for aggregating inputs where each input/output is blinded from the coordinator, and is not in any way a Coinjoin protocol - it is merely the input aggregation portion of one.

As such, the specifics of the WW2 protocol are unclear.

3) There is currently *zero* way to verify the privacy provided by a given mixing round in WW2, and even Wasabi themselves don't seem to understand how their "anon score" metric works.

If you can't verify the privacy you get, you *should not trust it*.

4) "Lonely whales" (i.e. those with larger amounts of Bitcoin) can often gain *zero* privacy in mixes and have 100% deterministic links between their inputs and outputs.

Have seen as little as 6 BTC gaining no privacy from mixing rounds.

5) Due to the client + coordinator not learning amounts chosen by participants in rounds before mixing, you can never be sure that a mixing round provides you with any privacy, as it's always possible no one selects the same amounts as you, providing an anon set of 1 (your input/output).

6) The usage of "big TX = good privacy" in Wasabi marketing is BS, as the only thing that matters for privacy in a transaction is the potential outputs to match your inputs.

That is really only the outputs that share a denomination with your output, not all outputs in a TX.

7) If the creators of this purported privacy tool don't know how to measure the privacy provided by their protocol, it should raise red flags for you.

Not knowing how your own protocol actually provides privacy opens up so many potential implementation flaws.

8) There is a *long* history of tracing of Wasabi's previous implementation due to flaws in protocol and flaws in implementation, so we should be incredibly wary of trusting privacy claims until 100% proven over time.

9) There remain *zero* post-mix spending tools in Wasabi, something that is absolutely vital to actually gaining privacy from Coinjoin's when spending Bitcoin. Even if the protocol was perfect this would lead to many privacy issues and "foot guns".

This post comes after spending many hours digging into the WabiSabi protocol, their documentation, and speaking with them at length.

I have no personal beef with Wasabi but try to remain open to learning from new approaches and wanted to give WabiSabi a fair shake.

As a note to Thibaud and others I spoke with on the Space last week, that was not merely recon or similar, I genuinely wanted to learn and thought that would be a good place.

Unfortunately I didn't really get much mic time or many questions answered and it felt like marketing.

I don't write this thread to incite more hateful rhetoric between "camps," but because I care about *your* privacy above all and do not want to accidentally push people to use a tool I don't deem sufficient for privacy in Bitcoin.

Just as I love and recommend Monero widely while working on Bitcoin, I love and recommend Samourai Wallet as a proven tool for privacy that I have used successfully over the years and seen proven time and again to work and provide solid privacy on-chain.

If I saw Wasabi Wallet as a workable and useful privacy tool today without core issues I wouldn't hesitate to recommend it, as I'm not an anything maximalist or tied to any camps.

But that is not the case today, and I can't recommend anyone use Wasabi Wallet (still).

I'm sure this will piss a lot of people off (I seem good at that recently 🙃) I want to always be sure that people know where I stand in relation to privacy tools, and that stance hasn't changed despite spending a good amount of time digging into Wasabi.

tl;dr: Keep using Samourai Wallet or Sparrow Wallet for Bitcoin privacy, the holistic toolkit they've built is beyond compare and has a proven track record of efficacy.

I'll do this and just point people to my new profile, not nearly as big of a deal as it was on Twitter etc.

Would be cool to have a tool to properly sign a new profile from an old one and have users clients easily follow to the new key.

Signing everytime you want to like a post or post yourself would be a hilariously bad UX.

For most users full export like this will be an ideal set of tradeoffs, for more advanced users or company accounts, NIP-26 will be an excellent tool with far more granularity down the line.

Don't let perfect security be the enemy of actually using the tools.

Planning on opening a bounty tomorrow for this in Amethyst, have some ideas on ideal flow!

👀

A big step towards much better key management options is almost here.

#[0]

4h from bounty request to live, tested implementation.

And uses a freaking PayNym too 🤩 Cannot beat Bitcoiners.

#[0]

PayNym is beautiful, makes me even happier 🔥

Already added by #[2] 🤯

Just tested and works perfectly, holy shit.

Love this community.

#[2] please let me know how you'd prefer payout of the bounty!

Already?!?

Holy shit

Yup!

It's not copy-pasted, it's scanned in once and never exposed to clipboard etc.

It allows you to keep your backup/storage of the key cold and only import one time, reducing how often your private key is exposed.

It also allows far more robust backups as you just leverage your existing backup infra for Bitcoin keys (Nostr key is derived from your seed).

Until key delegation is widely supported this is by far the best approach IMO.