If the ip address does not change, then it turns out that the Samourai whirlpool solves only the second problem: service cannot steal user funds, but they can easily match inputs and outputs.
This is 100% true, Samourai is able to easily match inputs and outputs of Whirlpool coinjoin participants in two different ways:
- A coinjoin participant does not use a separate Tor identity for input registration and output registration
- A coinjoin participant shares their input address and output address in the coinjoin with Samourai when syncing their wallet's xpub
By default, Samourai Wallet collects data in both of these ways, and does not notify the user that their entire financial history is being leaked. I opened an issue in their Gitlab to have these critical privacy features enabled by default, but it was deleted and covered up by their devs:
https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458Thank you so much for understanding and writing about this!
It should be noted that Wasabi Wallet, which works through tor and where, unlike samourai, there are settings for managing tor identities, does not receive new identities during the coinjoin, does not assign connections to them, and accordingly works in this sense just like Samourai.
How I checked this without reviewing the code: I connected to the tor interface that uses wasabi:
> hexdump -e '32/1 "%02x""\n"' .walletwasabi/client/control_auth_cookie
3c1ec4821044621f34e24ef114fa3e27b95b286a2d9f01e2a82dccab323d9521
> printf "AUTHENTICATE 3c1ec4821044621f34e24ef114fa3e27b95b286a2d9f01e2a82dccab323d9521\r\nSETEVENTS SIGNAL STREAM\r\n" | nc 127.0.0.1 37151 | tee events.txt
I launched the coinjoin and after it I saw that not a single SIGNAL event happened...