
It's even easier. Just use a different signing key for each output. In Whirlpool, the only way to verify that isn't happening is to somehow get two of your own outputs into the same coinjoin round.

https://bitcoin.stackexchange.com/a/115610

I can't find the link right now, but their reasoning was that most secure element chips use proprietary code, and one has to sign an NDA to even access the documentation, which goes against the whole idea of open source. They also said they evaluated a few chips and found vulnerabilities, but were unable to disclose because of those NDAs. Apparently they found a fully open source chip. They reference the openness concerns in this article: https://trezor.io/learn/a/secure-element-in-trezor-safe-3 .

It's impossible to break the 21M cap on the base chain. Even if it was on one of the L2s, it would mean that some of the money wouldn't make it back to the base chain.

Replying to Super Testnet

Thank you waxwing, I added your correction and gave a response in some follow-up tweets. https://twitter.com/super_testnet/status/1788287748618723651

I copy/paste my response here:

Joinmarket's coordination model is unique and awesome because the coordinator is just one of the people in the coinjoin (the "taker"), changes in ~every round, and does not take a fee -- rather, they pay fees to the makers.

I do not like that the coordinator in joinmarket can map everyone's inputs to their outputs. This could be fixed with blind signatures and I am happy to help make this happen if it would be a welcome change in joinmarket. I also do not like that there *is* a coordinator.

If it's possible to do this stuff without a coordinator, why have one? A deterministic protocol like emessbee removes variables introduced through the coordination mechanism. And it also might keep some people out of jail til the feds criminalize mere participation too.

Keep in mind that makers are there to earn fees. Any privacy achieved by them is a side effect, it isn't the goal of their participation. Significant changes would have to be made to enforce their privacy. For example, blind signatures wouldn't help if the taker can select only one maker for the coinjoin, since the two outputs that don't belong to the taker belong to the maker. So the minimum number of makers in a transaction would have to be enforced.

Having the taker be the coordinator has its advantages. A user that needs to mix their coins can do so any time they want, with any schedule they want. They don't have to wait for enough participants to join or for the round to start. They can even pay someone through a coinjoin, since they choose the amount and destination of the transaction. With Wasabi or Whirlpool, you'd have to use an output from a former coinjoin for the payment, you couldn't start the coinjoin specifically to send the money.

See these issues by nostr:npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt:

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1192

https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/583

There are some (unreliable, but still) heuristics one could use to tell takers and makers apart. For example, if the money sits dormant for a long time without entering new coinjoins, it's unlikely to belong to a maker. Switching roles defeats those heuristics. See this issue for more info: https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/948.

> Stonewallx2 can be done the old way

Not on Sparrow. So that leaves regular Stonewall and PayNyms/BIP47...

Which ones specifically? Soroban is dead, so Stonewallx2 and Stowaway were removed from Sparrow.

I told you it's archived. But at least I can view and build it.

Who cares what XPUBs your wallet uses? If you're doing it right there's no difference. One could even use a non-HD wallet and then there's no XPUB to begin with. Regardless, that change is still linked to your spend, though. It's a pseudo identity.

Unless you use the VPN *on top* of Tor and not the other way round (which is a bad practice, ask the Tor devs), the VPN will gladly give the IP you're connecting from to the police. If you paid on-chain, your change is linked to it. Unless of course you trust that "no log" policies are real.

> You can pay for a VPN with Bitcoin lightning and generate no change.

Well, do you do that?

Sure, you can break the link by depositing it into Lightning, or use JoinMarket. But all of that is expensive.

> Next the monero shills will tell us that monero protects them from security cameras for their infinity fiat money lol

I don't use Monero. But, yes, if there's no trace to follow, it doesn't matter that your face got captured on camera, because no one can see where the UTXO came from. Same with Lightning, but that only works at places that take it.

By "follow best practices", you mean "not using Bitcoin", right? That's the only way your words make sense. If you pay someone without spending the full UTXO, you're always creating some sort of a pseudo identity. Say you paid for a domain online, then bought dinner using the change. Your face is now linked to that domain thanks to CCTV cameras. If you paid for a VPN, then sent the change to someone on Nostr, your social graph is now linked to your IP address. It just takes some digging and a few subpoenas.

Bitcoin is good and useful. But you have to acknowledge its flaws. Otherwise, we're no better than a cult.

Say what you want, but the source code for Tornado Cash is still up on GitHub even after getting sanctioned. It's archived, yes, but available. Samourai's isn't.

ZeroLink is just one CoinJoin protocol. It's not the only way to break all deterministic links.

Paynyms only work because the US government chose not to take down paynym.is, a centralized service. Nothing stops them from replacing a username's BIP47 code in the database to route all the funds from new connections to the FBI, though. Cahoots (Stonewallx2 and Stowaway) only work by exchanging QR codes now, far from being as useful as they were when Soroban worked. Ricochet should work with your Dojo as the coordinator, but you'd also be sending a fee to the wallet now controlled by the FBI. Which you can do if you want to, but I would advise against sponsoring terrorism.