Chain analysis companies can sybil attack Wasabi mixes as well.
A blockchain analyst can't Sybil attack Wasabi's for free like they can with Whirlpool's coinjoins. In Whirlpool, Sybil attack victims pay the mining fees for Sybil attackers. In WabiSabi, Sybil attackers have to pay for their own mining fees.
All that is necessary is to control x number of inputs but I don't think they need even waste energy doing that since all of the same bad post-mix practices are just as possible when you use Wasabi.
The same post-mix practices are not "just as possible" when you use Wasabi because there is no peeling chain created by change and there is no common input ownership revealed.
On top of that, there's multiple instances of Wasabi mixes being de-anonymized by normal bitcoiners without access to industry level chain analysis tools. The recent hack on Rick who lost 25 bitcoin for storing his coins in a password manager has had help from the bitcoin community to track down some of his coins to Binance.
https://twitter.com/RMessitt/status/1724135148055097364Where is the deanonymization?... You are the SECOND person to use this example of "Wasabi being de-anonymized" when the only proof is a guy saying "It looks like" and guessing the only possible exit:
https://twitter.com/ErgoBTC/status/1723700744576971012I have no doubt law enforcement will be happy to freeze his coins based on this guess anyways, but their suspicion is not based on conclusive proof because the attacker coinjoined with at least one other user. I would make the same guess based on script analysis, timing analysis of peers, amount analysis, and destinations of premix and postmix funds.
Address clusters and peeling chains are absolutely possible with Wasabi.
- If you ever try to spend an amount greater than a single UTXO, you need to merge inputs.
So what? When you merge inputs in a coinjoin, common ownership isn't revealed.
- If you spend less than a single UTXO, then change is generated which give birth to the beginning of a peeling chain.
- If you don't use this change UTXO, then you have a UTXO that sits idle forever and Wasabi has a "dust bug" or "tracable leftovers" as you've called it.
If you decide to generate change by making a payment outside of a coinjoin, you can just coinjoin the change instead of creating a peeling chain.
Acting like your privacy cannot be compromised when mixing with Wasabi is blatantly false. They aren't magic. They may offer some privacy in certain instances but not as much as you seem to believe. The user of any wallet needs to be aware of basic privacy practices. Address clusters like merging inputs and peeling chains are unavoidable. That's the very nature of UTXOs.
I admire your pessimism, but the WabiSabi coinjoin protocol is magic (ecash style cryptography) and actually did fully solve Bitcoin privacy:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-April/020202.html"traceable leftovers" is a misnomer. Any UTXO can be "traced". You're conflating a bad privacy practice with a mixer "flaw". It's not an accurate comparison. There are plenty of users who don't merge their doxxic change. I know multiple people who use whirlpool and never merge doxxic change outputs and thus they never create address clusters or peeling chains. There's multiple ways to spend CoinJoin change without doxxing yourself:
https://www.whatisbitcoin.com/privacy/spend-coinjoin-change WabiSabi coinjoins don't create any doxxic change at all, "traceable leftovers" are fully eliminated. That's why Whirlpool's coinjoins are flawed and WabiSabi coinjoins are not.
Your concern about Tor is reasonable but OP is broadcasting though their own node which runs behind Tor so it's not an issue. It seems like you're just here to flex on the OP and tout Wasabi as better than Whirlpool.
Are you affiliated with Wasabi?
Yes, I've contributed to Wasabi. I contributed to Samourai as well, but my bug reports were deleted:
https://bitcointalk.org/index.php?topic=5471645.0