Bitcoin privacy is broken

This article is about bitcoin’s failure as a truly disruptive financial technology. Bitcoin’s proponents like to make false claims about its censorship resistance, how it will get rid of banks, how it cannot be seized, how its private, and its role as free speech money. Nothing could be further from the truth.

Anonymity & privacy are essential for free speech.

Without it, you’ll end up with censorship, deplatforming, legal and financial persecution, in the worst case possibly even becoming a target of state backed violence, as we have seen with social media and payment processors banning dissenting voices for speaking truth, or even unpopular opinions, and cutting off their finances for wrongthink, and sometimes leading to their arrest.

This is non-negotiable. Bitcoin cannot be free speech money, since it lacks privacy allowing btc users to be doxxed, arrested, prosecuted, taxed, surveilled, deplatformed, and their bitcoin to be seized as the bitcoin donations to the canadian protesters demonstrated for the entire world to see.

It’s my opinion that bitcoin has become a failed experiment. It’s no longer a tool that can be used by those who claim to want to “opt out” of the corrupt fiat monetary system. It’s privacy is compromised, and it has been co-opted and controlled by the very fiat financial institutions and banks bitcoin’s so-called cypherpunks claim to oppose, and desire to overthrow.

Yes, it’s true that nobody can “stop” or “censor” a bitcoin transaction, but they can definitely see every transaction you make and demix your coinjoins, tie them back to your real wold identity and then come arrest you and throw you in a gulag for being a money laundering financial terrorist.

So-called bitcoin cypherpunks are inviting regulation, censorship, surveillance, and compliance, just think about this for a second.

Darknet markets, the original use case and proof of concept for bitcoin’s value proposition, don’t even use it anymore due to bitcoin’s role in countless arrests and prosecutions of darknet platforms, purveyors, and users. This is directly correlated to bitcoin’s complete lack of fungibilty, and the trivial task of surveillance of its transparent blockchain.

BTC maxis like to claim this is not true, but the existence, proliferation, and success of monero only darknet markets cannot be denied. Bitcoin’s main value proposition is now creating a financial surveillance panopticon where banks and hedge funds aml/kyc every participant and monitor their spending in real time, and deplatform anyone who speaks out about it, while co-opting it’s number go up digital scarcity.

Privacy wallets in bitcoin have laughably failed.

Satoshi didn’t invent bitcoin so its users could be surveilled and prosecuted, and their bitcoin taxed and seized. Or maybe he did and it has all been an elaborate trojan horse for the cashless NWO slave system.

Bitcoin is becoming a tool for the worst kind of dystopian surveillance and oppression. bitcoin users themselves have become blinded by greed and have compromised all of the freedom based cypherpunk values bitcoin was supposed to stand for, and provide for users.

They are all shilling compromised apps and services just to pump their own investments, at the detriment of those whom they mislead.

Bitcoin privacy wallets are a shit show

If you have been paying any attention to the state of bitcoin’s privacy and its privacy tools like joinmarket, wasabi wallet, samourai wallet, & sparrow wallet, you’ve probably noticed that all of them have fundamental flaws.

None of them work as advertised, the privacy they give is minimal and they are all so complicated to use correctly, that they may as well be useless.

Z-cash and dash get criticism from bitcoin evangelists because they correctly say that opt-in privacy is useless, since it puts too much responsibility on the user, leading to mistakes, a false sense of security, and poor opsec.

Z-cash’s encryption also required at its launch what was termed a trusted setup, where you had to trust the israeli mossad funded developers didn’t back door its encryption when they launched the network.

For z-cash specifically, the amount of people using its opt in privacy is so small, it is basically useless as your privacy will be compromised by all the users not making private transactions on the network. The same exact argument applies to bitcoin’s opt in privacy via privacy wallets.

Wasabi’s peel chain will help you slip right into a jail cell

To their credit, the samourai wallet devs have been warning for at least 2 years that wasabi wallet is flawed in the way it implemented the zerolink chaumian coinjoin spec, and that because of this, wasabi’s coinjoins are deterministic.

They do not follow zerolink as defined in the spec, and result in what is called a peel chain, which is a bitcoin transaction graph which consists of multiple subsequently post-mixed utxos & unmixed change linked transactions which blockchain analysis companies like ciphertrace and chainalysis can easily demix.

Wasabi wallet also has a nasty tendency to reuse wallet addresses which results in post mixed utxos being sent to the same address as post mix change utxos, often without the user’s knowledge.

This creates a massive opsec issue which a user may not even be aware of, as it provides a major heuristic clue to blockchain surveillance firms, and allows them to connect the dots with how the funds were moved through the coinjoin.

This fatal flaw impacts every single participant in the coinjoin negatively. Especially with large amounts of bitcoin in situations with low liquidity for the coordinator to create a coinjoin.

You can watch samourai’s short video explaining how chainalysis was able to demix the wasabi coinjoins used by the infamous dao hacker. Check out the video how wasabi coinjoins were demixed here:

Journalist Laura Shin was able to follow the movement of the DAO hacker’s funds, across various blockchains and into wasabi wallet, demix the coinjoins, and get enough circumstantial evidence to publicly name him in a recent article which you can read, here.

It’s a great article and I highly recommend it. Laura’s investigation into the matter single-handedly exposed how broken bitcoin has become since becoming “regulated”. I still don’t think she has been sued for libel and defamation yet, which speaks volumes.

Wasabi has been in full on damage control mode, ever since Shin’s article was published, and it’s hilarious.

They came out and issued a statement saying they would be blacklisting wallets from participating in coinjoins, and hiring the services of a blockchain surveillance firm like chainalysis or ciphertrace.

Listen to wasabi contributor Max Hillebrand and his laughably pathetic  cope in this interview with coindesk tv:

Keep in mind that Max is a “libertarian, austrian economist, & cypherpunk” who thinks or pretends to think that bitcoin is going to overthrow the fiat ponzi banking system.

You can’t overthrow the central banks with regulatory compliance and aml/kyc. I guess it’s ok to compromise on your foundational ideology if it pumps your bags though, right Max?

This is worse than bitcoin privacy evangelist Jameson Lopp shilling his casa aml/kyc custody service and inx exchange ico, or Giacomo Zucco, proclaiming that monero will be banned outright because it was designed in a way that cannot be regulated (what bitcoin is supposed to be).

It is laughable to see bitcoiners promoting institutional adoption, invasive privacy violating aml/kyc and financial surveillance, and praising freedom and innovation crushing regulation and compliance, in order to pump their own bags and mislead users who actually need privacy and censorship resistance in life or death situations…

This is what the “cypherpunks” in bitcoin have become. It is pathetic and sad, but also really funny. You can see a list of negative consequences for wasabi users who fell victim to wasabi’s flawed coinjoins, and bitcoin maxi ideology here:

Samourai & Sparrow know the xpubs of every coinjoin participant in whirpool

Samourai wallet is the other popular bitcoin privacy wallet recommended to those who think bitcoin will help them control their finances, give them privacy, censorship resistance and financial freedom. It’s is just as bad as wasabi, if not worse.

At least wasabi is being open about the fact that they are spying and censoring, samourai has been accused of deceiving its users since its inception, by making misleading and false claims.

Sparrow wallet uses the same whirpool implementation as samourai wallet, but on desktop instead of mobile, so everything said here about samourai wallet also applies to sparrow wallet as well.

While its true that samourai’s coinjoins are implemented in accordance with the zerolink spec standard, and they are non deterministic and actually do provide a basic level of privacy from blockchain surveillance, samourai collects and sends the xpubs from every whripool coinjoin participant to a central server.

This means the samourai team has the knowledge (and admits it) and ability to deanonymize every mix in whirpool, and if that server is ever hacked, the transaction records for whirpool mixes may come back to nip you in the bud, even years later as the blockchain is an immutable ledger.

Samourai tries to play this off by making a dubious claim that you can trust them, and they aren’t the threat model you need to worry about, but only God knows what they do with this data in the first place. You can read a samourai user fanboy response to this flaw, here.

I thought bitcoin was supposed to be “don’t trust, verify”. We aren’t doing that anymore?

What kind of privacy wallet makes a decision to compromise its users privacy by default? When authorities pressure samourai to reveal user data, will they start censoring transactions and working with chainalysis like wasabi is doing? Are they doing it already?

I don’t know about you, but I don’t want to find out the hard way.

We’ll probably find out next month. I am saying this sarcastically. It’s funny, but not funny at the same time.

Apart from the gaping opsec hole in samorai’s whirpool coordinator, samourai makes the counter claim that users can run their own dojo node and whirpool mixer. This brings us back to the flaw of opt in privacy (the zcash conundrum) and the fact that so few users actually do this, that it may as well be useless.

Aside from the fact that samourai’s whirpool mixer is most likely spying on you, their so called open source code base on github cannot be reproduced. This means the code in the github is not the same code available in the samourai mobile app apk binaries.

A website called wallet scrutiny did an audit of samourai wallet’s source code and binaries and came to some startling findings. You can read the report from wallet scrutiny here.

The main takeaway from the wallet scrutiny audit can be summarized as:

“The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late”.

Joinmarket can be demixed too

Joinmarket is typically seen as the hallowed and untouchable bitcoin privacy mixing platform by bitcoin maximalists. It’s user experience is complete garbage, and it can be demixed, but since it’s so impractical and hard to use, this means it must be good, according to their logic.

To joinmarket’s credit, it does provide a basic level of onchain privacy on par with samourai, however, it is very technical and not user friendly, and has been demixed in the past, just like wasabi.

Ergo, a samourai team member from oxt research has documented what is known as a toxic recall attack, which he discussed on the stephen livera podcast:

You can also read Ergo and OXT research’s report for yourself, here:

In the report and podcast Ergo explains how bitcoin privacy is vulnerable to peel chain analysis in joinmarket relating to tainted change outputs, allowing researchers to trivially follow coinjoined funds through several layers of coinjoined transactions.

The problem becomes worse when large amounts are mixed through low liquidity makers. For example, not that many people have the ability to offer coinjoins for 500 bitcoins at a time. The object of privacy via coinjoin is to hide in a crowd, and the crowd of people using joinmarket who can offer liquidity for 500 bitcoin coinjoins is very small, so the crowd is not sufficient to hide in.

The peel chain betrays the user by leaking metadata about each mix to blockchain surveillance efforts. This is made possible by the unmixed, tainted change, from each round of coinjoin, and the lack of liquidity and users participating in coinjoins.

Joinmarket may have added some additional mitigations to make this demixing less likely, since oxt’s report, but the fact of the matter is that the three most popular bitcoin privacy tools have been proven to be either fatally flawed, or to only provide the most basic form of onchain privacy which can easily be demixed by anyone motivated enough.

In the stephan livera podcast episode linked above, ergo himself sums the problem up by saying that bitcoin privacy is getting harder by the day (as well as privacy in all things), and that if bitcoin can’t provide a sufficient amount of censorship resistance and anonymity, then darknet users will move on. It’s already happened.

If the darkweb is using monero, then so am I, and its just that simple.

It’s sad but bitcoin is positioning itself to become the actual fedcoin bitcoin users claim it was designed to take down. If I am wrong, let me know why. I welcome comments, feedback, debate.

I am a bitcoin user, but monero seems to be the only coin which demonstrates the qualities of the cypherpunk’s vision of an unstoppable anonymous digital cash.

If you like the content, shoot me some monero or bitcoin:

1 Comment

Leave a Comment

Your email address will not be published.