Topic: Re: [ANN] Whirlwind.money | ⚡No Fee⚡ | Ultimate Privacy | Anonymity Mining 12% APR🔥
Board: Service Announcements
Post by mikeywith on 28/06/2023, 19:35:00 UTC
Merits: 8 from 2 users
⭐ Merited by LoyceV (4), hosseinimr93 (4)
What is the point of a Letter of Guarantee if it can't be used as evidence?

It is evidence that something has indeed happened, but it's not evidence of who made that action; it's really nothing more than a piece of code that signs a message using the mixer's signing address.

It's useful when you don't want to save everything in a database: you can verify the signature to know that address x deposited/withdrew x BTC at x time. That letter is sent as a plain text file, which looks like this:

Code:
<SIGNED MESSAGE>You used credit from your public Public Address ww6hjCimmJeuSX2noMX3cu4hg7pqApU7cxp on Wed Jun XX 2023 X:X:X GMT+0000 (Coordinated Universal Time). The withdraw address(es) are the following: 1 - xxxxxxxxxxxxxxxx which will receive xxx BTC x hours in the future. ; This message was signed using the letter signing address which can be found on our website or at /verification/letter_signing_address on the system's API.</SIGNED MESSAGE>

<SIGNING ADDRESS>1JmCabMgyVZ8zmgaV5JGH7BXe48buVaUUd</SIGNING ADDRESS>

<SIGNATURE>IDXxxZDXTkePo6/MX99LsyEkdXR3gcsu1P9xKZ7vTeVoLy54Z/h4NYkW7li2PdxDLV0slt7QQgwGDl3uqtx17ibo=</SIGNATURE>


If my funds didn't show up for any reason, I could still contact Whirlwind with proof that a withdraw to x address was initiated; even if they don't have that stored in a database, they could still verify the action. It doesn't prove anything more than that.

On the other side of things, this is what a letter of guarantee looks like when you deposit:

Code:
<SIGNED MESSAGE>We have generated the deposit address bc1qke0e934n3v4dt5lgu7p8r2gvctfq54qhgtun7s at Wed Jun 28 2023 19:23:40 GMT+0000 (Coordinated Universal Time) where the minimum deposit is 0.001. You can deposit from Wed Jun 28 2023 19:23:40 GMT+0000 (Coordinated Universal Time) until Thu Jun 29 2023 19:23:40 GMT+0000 (Coordinated Universal Time). Our fee is 0% and 0 BTC per withdraw address. Your Public Address is wwKw8U2F62gUNJoxusqLSB6F1ZBmYg36qSB and you will use the private key (note) of this address which you must have saved to sign withdraw messages in the future. This message was signed using the letter signing address which can be found on our website or at /verification/letter_signing_address on the system's API.</SIGNED MESSAGE>

<SIGNING ADDRESS>1JmCabMgyVZ8zmgaV5JGH7BXe48buVaUUd</SIGNING ADDRESS>

<SIGNATURE>H/Ral+7vgK7Mo1ld3qd5AR2Plq8TCtRwoMW6G8Z8DWd6IGtAgw88ozkoxoQ2wcDzZJScBQZgHeYNXFtXS58E4UY=</SIGNATURE>

If I send funds to bc1qke0e934n3v4dt5lgu7p8r2gvctfq54qhgtun7s and then check my note and it's empty, I can use that as evidence that this address was indeed given to me by Whirlwind. In other words, Whirlwind can't just tell me "we don't own this address, we didn't ask you to deposit funds to it".

So now the user in question is already past this stage: he has strong evidence that he deposited funds to an address given by Whirlwind which corresponds to a private note, which is why I think at this stage the user must not be ignored when they ask for support.


Quote
So this raises another question for the community: Do you think we should show the private key on the deposit page as well if that implies we also have access to it?
That sounds like another can of worms. How about asking the user to enter the last 5 characters to confirm he copied it?

I assume the majority of users don't understand that the generation of the PK is done in the front end; they probably assume that Whirlwind has a table full of PKs which they randomly assigned to different notes. It would be best to advocate for using one's own PK. Ideally, you would want to FORCE the user to enter his own private key generated elsewhere and use that as their note; that way they are unlikely to lose/forget it. But for now, maybe just add a note that says (you can use your own bitcoin private key generated elsewhere instead of using our website to create that).

Most people who use mixers probably know how to safely generate a private key, so along with verifying that they indeed copied it (something like what you suggested), which shouldn't show on the next page because on the next page the deposit address is already displayed (it should be displayed on the same page right after the captcha), all that should contribute to fewer user mistakes.
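Added example, not part of the post above and not Whirlwind's code: a pre-check of a letter of guarantee that parses the three tagged fields, refuses a letter whose signing address differs from one pinned out of band, and computes the digest the signature covers. It assumes the letters use the standard Bitcoin signed-message format (magic prefix, 65-byte compact signature in base64), which the post does not state; the function names and the sample letter are constructed. The final step, recovering the public key from the digest and signature and comparing its address with the pinned one, needs an secp256k1 library or a wallet's "verify message" function.

```python
import base64
import hashlib
import re

# Assumption: address copied from the post; pin the value the service publishes.
PINNED_SIGNING_ADDRESS = "1JmCabMgyVZ8zmgaV5JGH7BXe48buVaUUd"

def parse_letter(text):
    """Return {tag: value}; reject letters where a tag is missing or repeated."""
    fields = {}
    for tag in ("SIGNED MESSAGE", "SIGNING ADDRESS", "SIGNATURE"):
        found = re.findall(r"<%s>(.*?)</%s>" % (tag, tag), text, re.S)
        if len(found) != 1:
            raise ValueError("expected exactly one <%s> block" % tag)
        fields[tag] = found[0]
    return fields

def varint(n):
    """Bitcoin compact-size length prefix (lengths up to 4 bytes)."""
    if n < 0xFD:
        return bytes([n])
    width, marker = (2, b"\xfd") if n <= 0xFFFF else (4, b"\xfe")
    return marker + n.to_bytes(width, "little")

def message_digest(message):
    """Double SHA-256 over the prefixed message: the value the signature covers."""
    body = message.encode("utf-8")  # exact bytes matter, so no stripping here
    data = b"\x18Bitcoin Signed Message:\n" + varint(len(body)) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def decode_signature(b64):
    """Return (recovery id, compressed-key flag, r, s) of a compact signature."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 65 or not 27 <= raw[0] <= 34:
        raise ValueError("not a 65-byte compact signature")
    return (raw[0] - 27) & 3, raw[0] >= 31, raw[1:33], raw[33:]

def precheck(text, pinned=PINNED_SIGNING_ADDRESS):
    """Checks that need no elliptic-curve code; returns (digest, signature)."""
    letter = parse_letter(text)
    if letter["SIGNING ADDRESS"].strip() != pinned:
        raise ValueError("signing address differs from the pinned one")
    sig = decode_signature(letter["SIGNATURE"].strip())
    return message_digest(letter["SIGNED MESSAGE"]), sig

# Constructed letter: the signature bytes are filler, not a valid signature.
SAMPLE_SIG = base64.b64encode(bytes([32]) + b"\x01" * 32 + b"\x02" * 32).decode()
SAMPLE = ("<SIGNED MESSAGE>constructed message</SIGNED MESSAGE>\n<SIGNING ADDRESS>%s"
          "</SIGNING ADDRESS>\n<SIGNATURE>%s</SIGNATURE>" % (PINNED_SIGNING_ADDRESS, SAMPLE_SIG))
```

The pinned-address comparison matters because the letter names its own signing address: a forged letter can carry a valid signature from any key its author controls.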