Cyph3rp9nk on Nostr: About coinjoin coordinators. There is a difference to be made between privacy ...
About coinjoin coordinators.
There is a difference to be made between privacy on-chain and privacy at the network level.
Even if you have chain privacy you can tag the addresses with their respective ips and trace the user. Obviously this can only be done by the coordinator.
This is why Samourai and Whirpool have always sucked.
Whirpool:
- If you used the mobile wallet without your node, the coinjoin was useless because your public keys were exposed to the backend and with them all your past, present and future addresses.
- If you used your own node or sparrow it was also of little use, since both samourai and sparrow reuse the tor circuit, they only generate a new one if you close the application, and therefore the coordinator can tag the incoming and outgoing addresses at the time of registration and ruin the coinjoin. Whirpool has never been zerolink, the coordinator knew everything.
Wabisabi:
- It creates new connections for both input and output addresses, so the coordinator sees distinct identities, although I think it has flaws in its design due to the delay. We can consider it to be zerolink, at least they tried and were honest.
Joinmarket:
- Since there is no centralized coordinator it is much less important to create new tor circuits for each connection, still the coordinator (the taker) will know the ips of the incoming and outgoing addresses. I don't know if they are mitigating this in any way.
Joinstr:
- Use Riseup VPN for logging, everyone uses the same VPN, there is no possibility of tagging inbound and outbound addresses across relays.
There is a difference to be made between privacy on-chain and privacy at the network level.
Even if you have chain privacy you can tag the addresses with their respective ips and trace the user. Obviously this can only be done by the coordinator.
This is why Samourai and Whirpool have always sucked.
Whirpool:
- If you used the mobile wallet without your node, the coinjoin was useless because your public keys were exposed to the backend and with them all your past, present and future addresses.
- If you used your own node or sparrow it was also of little use, since both samourai and sparrow reuse the tor circuit, they only generate a new one if you close the application, and therefore the coordinator can tag the incoming and outgoing addresses at the time of registration and ruin the coinjoin. Whirpool has never been zerolink, the coordinator knew everything.
Wabisabi:
- It creates new connections for both input and output addresses, so the coordinator sees distinct identities, although I think it has flaws in its design due to the delay. We can consider it to be zerolink, at least they tried and were honest.
Joinmarket:
- Since there is no centralized coordinator it is much less important to create new tor circuits for each connection, still the coordinator (the taker) will know the ips of the incoming and outgoing addresses. I don't know if they are mitigating this in any way.
Joinstr:
- Use Riseup VPN for logging, everyone uses the same VPN, there is no possibility of tagging inbound and outbound addresses across relays.