Currently the private key is generated by the user in the frontend on the main page. If we were to show it on the next page as well that would imply we generate it ourselves and store it, that's why we didn't do it.
So this raises another question for the community: Do you think we should show the private key on the deposit page as well if that implies we also have access to it?
Others will no doubt express their opinions but I think if you showed the private key it would imply that a breach of trust has occurred. In my opinion it would be a mistake to do that.
I would, once again, lean towards the more clear-cut yet harsher side of things. It is stated before you Generate the note and once you've generated it that you need to save the private key or else your funds will be considered lost. Like I've said before it's a tough situation but user error should not compromise the overall security of a service.
I do not why the member in question felt the need to use tor and clearnet together when he simply could have just used tor.
Something went wrong and he ended up with a letter of guarantee and nothing else (no private keys). Is it fair to say that the full error lay with him rather than his version of events where is stated as saying some part of the blame lay with Whirlwind because they had hosting issues?
For me the way I understand it from previous posts, the clearnet will always be under some form of DDoS and all have been advised on a number of occasions to use tor therefore I fail to see why he is claiming Whirlwind are part responsible for him not saving his private key when he was opening and closing multiple tabs and using multiple browsers.
In this scenario, the user has stated he can provide a letter of guarantee. Assuming this letter of guarantee is indeed the correct one, it will have a deposit address inside it. If the user can also sign a message from the address(es) which sent funds to the address contained within the letter of guarantee, I would say that's pretty compelling evidence that the user is telling the truth and does indeed own those funds.
You are right about the letter of guarantee, he can provide it but he cannot provide a signed message from the address. He has already stated that will be unable to provide a signed message because he was withdrawing the funds from Whirlwind to send to a coinjoin address (maybe to Coinomize, YoMix, Mixy.Money, Mixero, Mixtum or another).
This service is made for humans, Humans make mistakes, I believe I can sufficiently prove I sent the money, I sent using sparrow wallet, I can send another one to show I control the originating address before funds got split and coinjoined, I have the letter of guarantee, I still have the tab open (though it now pops up an error message cos its been more than 24 hours).