I have created a donation page to support my work: donate.joinstr.xyz
This would help me continue to work on joinstr and other projects.
Update: Ashigaru whirlpool has 2 vulnerabilities
1. Coordinator can link input-outputs
2. Denial of Service
https://nostr.download/5230773c7a261200b51fbd73f1abe8edf9aa55fada3713fee0ed53dc15c571b4.webp
This is your interpretation and I can't change it.
You are free to trust ashigaru and use a vulnerable coinjoin implementation. I like doing my research and sharing things.
Working on a proof of concept that would make it easier to understand how a whirlpool coordinator can link inputs and outputs.
It doesn't affect privacy if the fees are paid off-chain.
Update: Key is hardcoded in Ashigaru-Terminal which introduces other issues. Code in Ashigaru-Whirlpool-Client remains vulnerable.
https://nostr.download/0788eb6b56e77dade60c2c494492bb60e6f37f5eda91674672a41d59e80c4b7a.webp
Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
Bug is in whirlpool and not the wallet.
- Still using the centralized coordinator
- Increased coordinator fee
- Only 2 pool size available
Remains vulnerable to https://groups.google.com/g/bitcoindev/c/CbfbEGozG7c/m/w2B-RRdUCQAJ
Public logs of joining the pool would avoid cheating.
Does it make sense to create a pool in which everyone pays different fee for coinjoin?
b is the first to join the pool and j is last
a - 0 sats
b - 100 sats
c - 200 sats
d - 300 sats
e - 400 sats
f - 500 sats
g - 600 sats
h - 700 sats
i - 800 sats
j - 900 sats
Custodial solutions on top of bitcoin remain custodial and vulnerable.
Yes. All the government agencies are aware of this obsolete tech that requires trusted third parties to work.
If you read it you will realize that it's a misleading website created to get some engagement.
My 21 sats public zaps on nostr need the privacy of blind signatures and a custodian.
Users getting rugged by alby for being inactive
Which bitcoin privacy projects (self-custodial) are you most interested in and why?
#AskNostr
Some transactions with below dust limit are already allowed i.e. Ephemeral dust however, you can always pay ark to ark (same asp) and ln invoice even if below dust.
Self custody can be improved in different ways. With better UX, users won't even know if they are using a self custodial wallet.
nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spp4mhxue69uhkyunz9e5k7tcpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uq32amnwvaz7tmwdaehgu3wdau8gu3wv3jhvtcw9estc's trident vault is an example of innovating self custody with insurance and better security.
I won't achieve that with my mint. I would need to trust other mints.
Of course there is something there but use trusted mints or run your own not that hard today with LNbits plugin to your Lightning node ..
We are working on getting our own mint up from nostr:nprofile1qqsvhkuwupsyzk6yy7ajpc5w5vjyycyfx9juwwpv97atrfnxz0hy6sgpremhxue69uhkummnw3ezucmpwfkx7umvw4nk7mn9wvhxxmmd9uq3samnwvaz7tmwdaehgu3wwecxutnyd9sk6mmwv3esjp3rr6 already got a LN node running payments with Sats running & our public nostr relay
If I am running a LN node, why do I need a mint? I can use LN for payments.
User experience is good especially when you get rugpulled by a mint.