Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Services
Re: 🍀🍀 whirlwind.money | Review Campaign | Write a review & earn up to $100! 🍀🍀
by
whirlwindmoney
on 05/04/2023, 12:26:31 UTC
Quote from: BenCodie on Today at 05:37:01 AM
Suggestions

Suggestion #1 - Improve the mixing process

For those wondering how Whirlwind works, it's quite simple. An example of flow of the process is as follows:
1. Your input is received by Whirlwind.
2. Your input is moved to the Whirlwind hot wallet.
3. You receive your output from the Whirlwind hot wallet minus your chosen fee and after your chosen time delay.

If you are using the "Fast" option with one input and the same output, no matter what fee you use you can be sure that anyone that is trying to track your blockchain transactions will be able to match the output with the input and the use of the service would be quite worthless. If you must use "Fast", you must break up the inputs into multiple outputs and use the time delay. If you really want to achieve privacy, I believe that the best way to go is to create multiple notes, combine them and create multiple outputs of different value at different times.

No matter which method you choose however, it is very easy to distinguish that your input was sent to Whirlwind and that the output has come from the Whirlwind hot wallet. This should be noted if you do not want future receivers to know that you are using/have used Whirlwind. The pitfalls of this come forward if Whirlwind is ever black-listed or tagged by chainanalysis or another related company, or if Whirlwind is ever sanctioned (like TornadoCash). If this happens, all coins would be tainted. Whether you believe in tainted coins or not, any service that you use that does believe in tainted coins would probably ask you questions due to the usage of Whirlwind.

It should be noted as well that it is possible to receive outputs including inputs from your deposit. Use a longer time delay if you want to avoid this. It should become less common as the service increases in usage.

I believe that the service should be improved with a more sophisticated mixing process. I suppose that in its infancy, it is fine for the time being. Though I can't see it being viable for too long if there are interests who do not want Whirlwind to be a solution for privacy in the future. These forces evidently exist after recent events in the last month.

I suppose that one positive about the mixing process is that one can easily verify the reserves on hand. I was able to confirm that whirlwind controls at least 4.98 BTC at the time of writing (not including cold storage, if any)

Thanks for your review - I have a few comments regarding the mixing process and I'll explain why it's far from being easy to track or insecure as you suggest, in fact it's quite the opposite. Please read this previous message of mine first:

Quote from: whirlwindmoney on April 01, 2023, 01:26:42 PM
Quote from: hugeblack on April 01, 2023, 11:47:04 AM
Since you are open to hearing opinions, I hope you will visit this link ----> Breaking Mixing Services

Quote from: madu on March 05, 2019, 09:30:35 PM
If there is interest in this topic, I can publish further information (source-codes, examples, ..) on this topic and attacks.
Link to my thesis (python source inside): https://www.dropbox.com/s/3yapwyfz72tvswh/BA_mixing_services.pdf?dl=0
Author: Felix Maduakor
Email: felix.maduakor@rub.de

1 Chipmixer was the only centralized mixing service which I did not break fully. However, I did not put much work into checking this mixing service.


Contact him, and if he accepts to give a paid review, I think that this will contribute a lot to gaining trust in your mixer service (at least for some here)
I went through his report and altough I'm sure we already fixed the issues outlined by him, I will still try to get him to do a paid review for your confirmation.

Coinmixer.se (the service used as example in the report) works like most mixers on the market today, and they all have the same big issues in common:
1.Maximum delay time is limited
2.Maximum amount of output addresses is limited
3.No option to have higher outputs than inputs
4.Use of mixing codes

These issues make it possible for anyone to perform blockchain analysis with relative ease. The privacy set (number of deposits your output transaction could have originated from) which is the most important figure in my opinion, is reduced to only the transactions that were performed during the time limits imposed by the "maximum delay". And since you also know the maximum number of output transactions each deposit has, it's not that difficult to deanonymize it.

We solve all these issues by introducing the Note mechanism. Let's see how the above issues apply to Whirlwind:
1.Maximum delay time is unlimited
2.Maximum amount of output addresses is unlimited
3.Outputs can be higher than inputs (combine Notes)
4.We don't use mixing codes

Since the user has the option to deposit and withdraw whenever he likes and we don't impose a limit, blockchain analysis becomes useless. In the case of coinmixer.se it's written in the report that they had about ~1000 deposit transactions a week. If we assume we'll have the same, then the privacy set of Whirlwind will grow by 1000 every week.

After 10 weeks every output transaction could originate from any of the 10,000 deposits into Whirlwind, and this figure will only grow as time goes on. With other mixers it doesen't matter how many deposits they have in total, the privacy set doesen't increase.

The use of mixing codes by a service confirms that the privacy set is very weak and introduces other risks since it can link your transactions. If a mixer does what it's supposed to do, it shouldn't matter if you get 'your own coins' back because anyone that ever used the service could have withdrawn those coins.

Regarding the other points you made:
-It's impossible to connect your inputs and outputs with 100% certainty thanks to the way the system works. Even if you are using Fast mode with only one output, that output could have originated from any deposit since the start of the service. Obviously you know which ones your transactions are, but for an outside observer it's impossible to know for sure since Fast and Note outputs are identical and you can't know which option any user chose when he deposited.

-The fact that it's easy to notice an output comes from Whirlwind is by no means a disadvantage in my opinion, all other mixers have their clusters tagged by analytics firms. Hiding that you're using a mixer is not Whirlwind's goal, our goal is to break the link between your transactions and we do that better than any other service, including those that send you "clean coins from centralized exchanges"

At first glance that may sound "better" since you get coins with low AML risk, but you need to ask yourself what do you value more and why are you paying for a service of this type in the first place?

Getting low AML risk score coins, but them being easily traceable back to you? Or getting potentially higher AML risk scores with Whirlwind, but achieving real privacy?

I would choose the latter any day, and Whirlwind was built with that in mind. It's all about numbers

If low AML risk score is really that important for users then I could offer this option too, without compromising the privacy. It would add more costs and complexity to the whole operation and that's why I'm not very keen on doing it, besides the fact that I don't believe it does anything better for your privacy.