EPISODE: 0.1.5
BLOCK: 677022
PRICE: 1701 sats per dollar
TOPICS: bitcoin privacy, coinjoin
nopara73: https://twitter.com/nopara73
openoms: https://twitter.com/openoms
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch​
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch​
telegram: https://t.me/citadeldispatch​
support the show: https://tippin.me/@odell
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
[00:00:00]
Unknown:
And and I'll tell you why. Okay? I I I will give him the first statement that it's highly volatile. And at this point, it's tough as a to use for transactions. But then he says it's not really a store of value and then says it's essentially a substitute for gold. So the the 4000, 5000 year store of value that we know historically is gold. And he just said it's like gold, but it's not a store value. So does he not think gold is a store of value? And with what the Fed's doing right now is a dollar, is he really making the case that that's a store of value?
[00:00:40] Unknown:
Well, hey, Joe. You you're thinking about it exactly the right way. I mean, there's a lot to unpack there. So so, you know, first of all, it was a store of value. I would just say there's a reason people have flocked Bitcoin in the last year, right, which is something else happened in the last year. And that is that we increase the money supply by 40%. So when you do that in a world of supply and demand, it means that the dollar is at least a 40% less good store of value than it was a year ago, and and that is one of the reasons people look to Bitcoin. But, Joe, the point I really wanna make is the dollar may not actually be backed by anything. Obviously, we went off the gold standard in the Nixon administration, But cryptocurrencies actually are backed by something.
They're backed by underlying networks. And what you're buying when you buy a crypto token, whether it's Bitcoin or anything else, is you're buying a piece of a financial network that's being built to transact all kinds of stuff. And the number of things that have gone on chain in the last 2 years is enormously high. That's why the cryptocurrency market today is almost a $2,000,000,000,000 market. I believe in the wisdom of crowds, personally, and I think that there's kind of, like, forces of the future at work here and then forces of the status quo. I think the crowds are telling you that these networks are where finance is going in the future. I wanna be part of that.
[00:02:32] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt O'Dell, here for another episode of Citadel dispatch. This is Citadel Dispatch 15, the interactive live show about Bitcoin distributed systems, open source software, and privacy. I'm joined by a return guest and good friend, Open Arms, well known for his work towards making join market, more user friendly with his join inbox project, and No Para, who is the founder of Wasabi Wallet, one of the easiest to use CoinJoin implementations available. We look forward to discussing a very important topic today, in that Bitcoin privacy and using Bitcoin privately, why it's important, the current tools at our disposal, future tools at our disposal, and tangential discussions with that.
I am aware that we usually come to you at 21 100 UTC. It is earlier today because of time zones and because this discussion is an important one, and we want to make it happen. So thank you to all the freaks who were able to make it, at this earlier time. If you're joining us through the audio feed, the Citadel dispatch can be viewed live on Twitch, Twitter, YouTube. Then after the fact, it goes to our podcast feeds, both the Ciel dispatch dedicated feed and the tales from the crib feed. So you might be listening to us there. Also, full archives without ads are posted, on citadel dispatch.com, both video and audio, hosted on Keybase and on Telegram.
So with all that said, if you're joining us via audio, that clip out in the beginning, was Brian Brooks, who is, like, the former lead lawyer for Coinbase, and he was also the former controller of the currency talking to our boy Joe Kernan on CNBC, candidly about, Powell's our current Fed chair's statements regarding Bitcoin and and whether or not it's a store of value or, or or a money, and it's just I don't know. It's kinda funny that it's just it's just hit the mainstream news in that way, and and they just talk about it so candidly. They talk about 40% money supply printing, which used to be, like, things that people would talk about in, like, dark dark corners of the Internet, and now it's just on CNBC.
Anyway, with all that said, I wanna thank the Freak's again for joining us live, and I wanna thank both Nopar and Open Arms for joining us for the discussion. I'd like to, you know I I figured we should start, with the discussion with why the Bitcoin privacy discussion is so important to Bitcoiners and why it should be important to Bitcoiners and why Freak should care about it. And with that said, let's start with you, Noepara. What do you think here? How's it going?
[00:05:29] Unknown:
Hey, guys. I'm happy to be part of this potentially historic conversation. So I would like to talk a bit about Bitcoin privacy and and and and its importance. And I thought maybe the best way to to communicate it is that I just present my my thesis on it that, basically operating based on that maybe during the last one past year. And and it all starts with the properties of good money, which I assume many people have heard about before. The divisibility, portability, fungibility, and so on, where Bitcoin brings scarcity to the table so no one can print more.
And and the only remaining problems left in Bitcoin is acceptability, portability, and fungibility. Acceptability is an easy one because it's it's taking care of itself. If we improve the other properties of money, then then acceptability is going to take care of itself. Portability is something that Bitcoin is or or any other cryptocurrency, to my knowledge, lacks a lot, and that's a very important topic to work on. However, there is a there is an army of open source developer working on portability. And that leaves us with with fungibility, which is, I suppose, for the sake of this conversation, we can say fungibility, privacy, and anonymity are the same things in in this in this context, but we might elaborate on that later.
And, you know, fungibility is not something that many people dare to to work on, especially on the implementation side because because there are large forces and interests trying to to control the citizens of every word, and one of the tools of control is must surveillance. And so it would not be a good idea to to let a private, anonymous, fungible currency had to be released to the world, but, you know, this is going to happen. It may happen with Bitcoin. It may happen with Monero. It may may happen with other alternative cryptocurrencies. But my guess is and I suppose everyone else's guess here is the same that Bitcoin is going to take over the world because people don't care that much about fungibility.
You know, fungibility, privacy is something that matters until until it stop mattering. And and so so if Bitcoin takes over the world, then 40 years from now, we will tell a very different story to our grandchildren. The if we we have Bitcoin privacy ready, then then without, without privacy in Bitcoin. So I I believe that's that's why fungibility may be the most important thing to to work on right now at this moment.
[00:09:36] Unknown:
I mean, I think you make some very good points there. I think what a lot of people, don't appreciate in the Bitcoin circles is that this is larger than just Bitcoin. We're seeing, transgressions made by large governments and corporations around the world on people's privacy, regardless if they're a Bitcoiner. Bitcoin is a subset within that. If we expect it to be the money that that the world will run on, the the the future money of the world, then obviously, it's gonna become a bigger and bigger aspect of the private equation. And it's important that especially with something like Bitcoin where you have this open ledger that's we expect to exist forever, if if if we don't work on this soon, mistakes that are made today could come back to haunt people in the future. Those things are never you know, the the ledger will never change.
So so if you make a mistake today, in 5 years, 10 years, it can come back to haunt you. Open Arms, you've dedicated a large portion of your time. I know you don't do this full time, and I have tons and tons of respect for the work you've done, towards trying to make Bitcoin more private in your work with joining Box. Where do you what is your perspective here? Why show the show the freaks why they should care about, using Bitcoin more privately and improving Bitcoin privacy guarantees, at least on the app level.
[00:10:58] Unknown:
Yes. Exactly. I mean, I I agree with, you know, the things said previously. And also, I mean, CoinJoin is is one thing. It's a very important and very efficient tool, but, I mean, limited in scale, but we'll talk about that probably. Also, I mean, I do approach privacy in from all the different angles, as as we do all from, you know, from the net network level to the base, Bitcoin level and the base layer level and also, you know, going on second layers like lightning and, you know, other, kind of solutions are are as important as well. So I'd like to use all the tools available and why it is so important because this is just so much different from what we had before. We we had a have a system for registering and surveilling transactions, which is made for a private banking system.
And having a decentralized open public ledger, which everyone can read and use, it's just so completely different that it needs to be used differently. We need to be need to put emphasis on caring for our privacy because otherwise everything is just out in the open and you will be having a surveillance tool which has been never never seen before. And, obviously, you need to avoid exposing all your financial activity for your personal safety, but it's also important for your business or any other business for the essential for the operation of a free market.
So you need to be able to only expose things which you choose to, which is which is the main kind of aim here that, you can prove everything, but you don't want to expose more than necessary. So, yeah, I mean, this is just my kind of I would like to work towards the future which I'd like to see rather than a dystopian Orwell 18 1984 1, which could be as well as a reality if, you know, privacy would would be nonexistent.
[00:13:30] Unknown:
I mean, you mentioned 1984. Do you guys think do you do you guys think there's a lot of comparisons here with Bitcoin privacy spending money privately to speaking privately, private speech, encryption?
[00:13:46] Unknown:
Absolutely. And this is transaction either it's a form of communication, financial transactions as well. So being able to communicate freely is essential for, you know, for a healthy life and for, the kind of function of the society or civilization.
[00:14:12] Unknown:
So with all that said, I mean, I I agree with, I agree with the premise, Open Arms. I I think that I I want to, I want to cover all sorts of tools we have available to us, not just CoinJoin on this conversation, and I we will. We will get to that. But before we do, I think, well, first of all, to any any new freaks that are here, if if you're watching live, the top price is the evil empire's Coinbase's price, and then the bottom is Bisq, which is why Bisq is is is not moving as frequently. It has way less volume than Coinbase. So, I mean, I I think a great place to start here is Nopara spent a good amount of time releasing Wasabi Wallet to the world, and I'm curious your perspective, Nopara.
We know now you're working on Wasabi Wallet 2.0, and we will get to that. But before we do, with all these users using Wasabi, what what have you learned from that experience? What have you learned? What are the lessons that were learned from Wasabi that are that are hopefully being used going forward in terms of, Wasabi 2 point o development?
[00:15:42] Unknown:
Okay. So it it doesn't really connect that much to privacy, but it I I think this is the largest lesson I learned, or I'm still trying to learn or figure out how to think about that because, you know, I I started Wasabi alone in 2015, and then for 2 years, I pretty much worked alone with 1 or 2 people joined to the adventure for a shorter period of time. But then when when started to work with more and more people together, And I never worked in a big company before, and I don't know how things are are are taken care of in in the company. So, you know, I I came from this Bitcoin open source at all where everyone is is doing his or her best to the best of his or her ability.
And and and and so so our hiring process was the it it was very simple. You know, we we give you money every month, and you do whatever you would like to do. And this led to us going to many, many different directions and not not going to a to a to a common goal, to not not targeting the same thing together. And I did not change it in a way that, that that's how how you would you would work in a normal company that management has the objectives, and that's how it it must happen. But what I figured maybe the best way to to to run a company you know, I have no idea, but the best way to run a company is to try to convince everyone to go towards the same goal and see what happens.
And that's when, yeah, that's happened one and a half year, year ago, and and we'll see. So so so, yeah, basically, my my my largest learning experience is that when you let people do whatever they want without any inputs, they will do very good things, which microcosmically makes a lot of sense, but macrocosmically, it doesn't really.
[00:18:42] Unknown:
Can you remind us when was the pivot was released on on mainnet? When did you do the first, coinjoin with it?
[00:18:53] Unknown:
It's 2018.
[00:18:57] Unknown:
Yeah. Wow. Yeah. It's Real ways ways more recent than that, doesn't it, Open Arms? Yeah. Yes. I mean, especially
[00:19:06] Unknown:
that was basically the time I was starting to look into more deeply into, I mean, Bitcoin Bitcoin and Bitcoin privacy itself and started to contribute to project and and things and kind of was one of the one of the first advanced interface which I've which I started which I've started to use, you know, providing a very good coin control and just generally being able to just open it without and using it fairly privately from the network level without having a full node running yet at that time. So it it was certainly a change of, change of the way people were interacting with
[00:19:52] Unknown:
with Bitcoin. I mean, the space was massively different back then. I mean, if you look at some of the top projects, things like Specter, all the node packages, you know, the Raspberry Blitz, Umbrel. I don't I wonder if Raspberry Blitz start. Like, I I don't think that was even a thing yet, right, in 2018.
[00:20:10] Unknown:
I think it started in in the spring of 2018, and I started contributing towards the end. It is pretty much as Lightning came to Mainnet, shortly after.
[00:20:25] Unknown:
Because before Raspberry Pi Blitz was Raspberry Pi what's the other one?
[00:20:31] Unknown:
Raspberry Pi Raspberry Pi was the Right. Yeah. The project is static because, I mean, it was basically the same kind of thing to get Bitcoin and lightning, you know, running because, now there was an added incentive to run a node, not just, you know, spinning up Bitcoin Core on your desktop, but you wanted to have an online one for a dedicated hardware on Raspberry Pi to start with, to use to use a node to run a node, a lightning node, more specifically.
[00:21:03] Unknown:
So, I mean, to circle back here, Nopar, I mean, I appreciate the insight. I think a lot of what you answered my previous question about lessons learned come from the organization side, running such a a large, free open source project and a a for profit company that's, like, one and the same, which is actually really novel, coordinator and collect coin join fees and actually be quite profitable, is is, extremely novel. Historically, wallets have had very a lot of difficulty monetizing in an ethical way. Usually, they end up adding fiat, KYC, on ramps, and stuff to try and get fees, which is obviously really poor incentive, if if you want a free open source project to be focused on privacy.
But I guess the point of my question was more and maybe this is just because of my perspective. I mean, I was I'd already understood the importance of Bitcoin privacy, tools mostly because when I was an early Bitcoiner, I made a lot of fucking mistakes, and those mistakes exist on the Ledger. Like, I made those mistakes. I had no idea what the fuck I was doing, and they're there. They exist, and all these mistakes are are expanded even they're made much worse because of this creeping KYC that that we the KYC, know your customer, anti money laundering regulation where they require this really intimate exchanges require this really intimate private information that they store on you, that oftentimes gets leaked, hacked. We just had the largest KYC hack ever, happened, I think, yesterday or it came out yesterday or 2 days ago in India. It was like a 140,000,000 people, had their intimate personal information leaked, and that's just gonna get worse and worse and worse. I I as we have more of our personal information online, it'll undoubtedly get hacked, sold, leaked at some point in the future, aggregated and stored insecurely.
So that exacerbates the Bitcoin privacy concerns, to me. But I guess I guess that's kinda long winded. My my perspective has been when Wasabi came out, you know, I was, like, very, outspoken. Anyone who's around at the time remembers I was a very outspoken Wasabi user and promoter. And I want I I realized, you know, these tools allow you the goal of these tools is to hide amongst the crowd. The the goal of these tools is is is is you need you need usage for them. You could have the best tool ever, but if there's only 10 people using it, it doesn't matter what kind of privacy gains you get because you the an attacker still knows you're one of 10 people.
And so so usage is extremely important. Normalization is extremely important. Getting it up that getting those numbers up sooner rather than later is extremely important. And we exist in a space where the people we're up against it's an asymmetrical asymmetrical fight. The people we're up against are hiding in the shadows. They don't tell us what they know. They don't tell us what they're doing. They don't tell us, the data they're aggregating on us, but everything we do is in the open. All free open source software development's in the open. The ledger's in the open. All of our activities are in the open. Education, promotion, usage, all this is in the open on our side, and the the attackers are are are secretive, and and we don't really know what they're doing. So I guess where I'm going with this is from my perspective, myself using Wasabi and other people using Wasabi, there's there was and the questions they would ask me, there was a lot that I learned about designing privacy focused software for an end user in mind.
And I was wondering what takeaways you had because I know, like and and I guess we could get get into it more, but, like, the I think am I wrong in saying that the the point of Wasabi Wallet 2.0 is to try and mitigate a lot of the concerns that were learned from a user perspective with Wasabi Wallet 1?
[00:25:34] Unknown:
So yes. But that's not the the main point why we started researching it. The But but the main point was is that, you know, But but the main point was is that, you know, ZeroLink was figured out, so it no. Actually, Wasabi was figured out, so it breaks the links between the coins that arrives to your wallet through the coins, those are anonymized and private in your wallet. Like, it it doesn't it doesn't do do more. Like anyway, so so the main reason was is that we could already see and even in in the times of 0ing because I kept opening issues regarding that. But we could already see the huge limitations what what Xiaomi and Coin joins with 0 link applies.
How what is the potential of them? And it's it's not great. It doesn't go much further than that. It can go further.
[00:27:01] Unknown:
What kind of limitations?
[00:27:05] Unknown:
Oh, you know, the the minimum denomination, the this this this this point, what what I just said that it breaks the link between from the wallet, from the coins receiving to the wallet, to the coins spending to the wallet, that there is there are coins in between. Right? Like, if if you mix a coin, you spend it, and that generates a change, then that change shouldn't really go into the mix. I mean, sometimes it's a good idea, but but it's it's not it's it's not clear. Right? Like, this kind of limitations. But the the main limitation is the workspace efficiency.
If we keep creating these these simple equal outputs coin joints, what we are doing right now, then we're going to be priced out very fast. And and, you know, I I I think we we don't have a we we are not arguing about that. Right? Like, if more people come to Bitcoin, then block space goes up. So proportionately, CoinJoin fees are gonna be more painful to people than
[00:28:20] Unknown:
than it could be. Already priced out. Right? Like, it's it's significantly more expensive to to use to to use CoinJoin than to not use CoinJoin. I mean, the the the cheapest way for someone to use Bitcoin is just the worst privacy possible. Right? It's just, like, consolidate all of your UTXO sent to a single fucking UTXO, and then just spend from that.
[00:28:42] Unknown:
Exactly. And, actually, this is this is something what I I I've learned that it never really gets priced out because it will always be Economica to mix with more Bitcoins. Right? And that's that's a problem because because because it doesn't matter how much money you are you are transacting with the Bitcoin. What matters is how many bytes your transactions are using up, how much block space you are using up, and that does not correlate with the amount. So there will always be economical to to mix with with larger amounts. But, yeah, this this is going up and up and up, the equilibrium.
Right?
[00:29:30] Unknown:
Yeah. So, I mean, like, I've come to the conclusion, that, you know, using Bitcoin privately will always be more expensive, I think. I I I don't, you know even in, like, a world where we have signature aggregation and we have Lightning and stuff, maybe Lightning provides some kind of incentive to, you know, use Bitcoin more privately that's cheaper for you and we can get into that later. But I've kinda come to the conclusion that it'll always be more expensive. The goal should be maybe to make it only slightly more expensive. But when it comes to to when it comes to to increasing adoption, obviously, the single most important thing you can do is is lower costs. But I think the the the other two big things that people don't really talk about is, first of all, UX is is super fucking important. And I wanna dive into this with Open Arms because of, you know, Join Market was around. I think it it launched in 2015 as a project.
Correct. And and it never really got that much adoption, I think, primarily because of UX. And we can jump in that in a second. But the other thing that I've noticed that I've learned from an education point of view on the front lines with users, who I've provided workshops for and handheld them and stuff, is, like, the defaults are super fucking important. 99% of people will never fucking change the defaults. And if if if if an educator or a promoter is trying to increase adoption of something, telling them, you know, if you have a bunch of gotchas that you have to tell them every time you try and onboard someone new, you know, change this, change that, make sure you don't do this, make sure you don't do that, make sure you don't do this. They're especially in a world where all you have to do is make one mistake in privacy and it's on the ledger forever and you're fucked.
It's just a it's a losing strategy. It's a strategy where you just, you know, I it it's it's you're you're trying to run uphill. And and we've seen this with with Open Arms is he's he's packaged join market into this into this, like, raspi image and join inbox to try and make the default experience of join market better. Nopar, would you agree with me there that, like, that that most users aren't changing defaults and, like, you know, having sane reasonable defaults is is, like, really the only way to go forward with this?
[00:31:55] Unknown:
Oh, abs absolutely. In fact, you can go even further and, you know, I I I'm pretty sure you encounter this situation many times when you're talking with someone who who is into Monero, and and they they are talking about when Monero have privacy by default, and, you know, they they bring this up as an argument. Like, that's not what you would want, but that's exactly our goal with Bitcoin. Right? Privacy by default. Now will we ever get there? That's a that's a good question, but that's definitely the
[00:32:34] Unknown:
I always think it's work. Yeah. Yeah. Sorry for cutting you off. I mean, I just always think it's so interesting that, you know, there's all these insecure Bitcoiners that when people like us talk about, you know, improving Bitcoin privacy guarantees, They think it's, like, some kind of underhanded promotion of Monero. But, really, like, the the biggest existential threat to Monero is that Bitcoin is easier to use privately. Like, if we're successful here, like, there's absolutely no reason to use Monero. So it's absolutely hilarious to me, how often I have people, like, chirping at me that, you know, like, I'm, like, secretly promoting Monero. It makes no fucking sense logically.
[00:33:20] Unknown:
So, I mean, the the this work that they are doing is very important. Right? Like, if Bitcoin would really stay at it is today, in terms of privacy, then the only thing that would save a totalitarian, smart surveillance, Fortica system would be like a private Altcoin. So so I think it's very important that they are doing it. It's just my calculation is that, probably people don't care that much and gonna use Bitcoin anyway even if it's not private.
[00:33:56] Unknown:
Yeah. I mean, my perspective is I think Bitcoin, you know, is gonna be successful. So, if if we expect wide spread Bitcoin usage, then the focus, as a as someone who cares about privacy should be, you know, making it easier to use privately as much as possible because I I I think it's gonna be super successful regardless. Open Arms. So you wanna give some insight here in your your opinion on on your work on joining joining Box and and why defaults are important, why UX is important, why accessibility is important, why we have to increase these numbers. Like, I I really do feel like, like, how many CoinJoin users do we think there are, guys? Like, do we think are are there more than 10,000 people in the world using CoinJoin right now?
[00:34:40] Unknown:
That would've make sense if you could tell.
[00:34:43] Unknown:
But gut. Just saying gut. I think that's a very conservative overestimate. I think we're not even near 10,000.
[00:34:52] Unknown:
Yes. I mean, what I can see in the joint market order book, we have usually have between 102 100 offers, which means those are separate wallets, not necessarily separate people, but, you know.
[00:35:07] Unknown:
It's an upper bound. It is. The the the max it probably is is the max it is is, like, 200 people.
[00:35:15] Unknown:
Yeah. Of makers. Yes. Right. Of makers who are running at the time. Right? But so so yes. So coming to join market it's it's, it's a great rabbit hole, you know. I was I was very very, happy to fall down into. But to be honest, it needed some, you know, previous training with being familiar with Bitcoin transactions and, like, derivation parts, you know, things like gap limit and, you know, things that you would not just have when you that the only thing which you have used is a mobile wallet before. But if you if you have run a node and you have seen the command line before, then I think it it is a very good thing to look into what this OG and continuously improved wallet is able to offer.
So if you've used, like, Bitcoin Core in the in the command line, but then it's nothing stopping you to use join market as well. Join market also has a QT interface similar to what Bitcoin Core offers, which is, like, you where you can do coin control with a click of a button and you can like send coin joins and send and receive page joins as well. So so so it is it is very very usable, but it has this, requirement that you need to you must run a full node because that's what this connecting to. It needs it needs a Bitcoin RPC interface provided by Bitcoin Core to interact with the network and get the information out of your balances and your transactions.
So that's kind of the first thing which could have been I mean, which could have, improved a lot with just packaging it into into basically. And then also it it works as a as a standalone in in joining box. So you just spared that kind of setup process that now you need to set up a full node and install a Python package. All of this works best in Linux. So if you're not running Linux that you are in a bit of a difficulty, although you have, like, a windows dot x as well, which you can try. But yeah. And and you can use something like Wasabi as well in in Windows, but, you know, I wouldn't trust, any significant amounts on a computer running closed source this fiber. Does the Bitcoin privacy discussion start with Linux?
Yes. I think so. As as as I've said in the in the beginning, you know, there are different levels to this in in in your life. And starting with not leaking everything or a lot of things without your knowledge out of your computer is the first step to have better privacy. And then you you can move on to your phone and then, you know, you can transition try to, work towards running software only which you trust or which is auditable and which is
[00:38:37] Unknown:
based on freedom, basically. But And and this yes? There's 2 things here, Open Arms. Right? There's there's on chain footprint and and how your transactions look on chain, on on a chain that we expect to exist forever. We I like, I expect Yes. The Bitcoin Blockchain to outlive me. Right? Outlive my grandkids, outlive their grandkids. Like, this fucking thing is gonna be there forever. So you have the on chain footprint, that is on this ledger forever that everyone can view and inspect forever. And then you have this, like, network level, advanced attacker type of threat. Right? Where, like, Windows is closed source. Right? So maybe maybe information is leaking through your Windows computer to Microsoft or some kind of closed source vendor that's operating on on a Microsoft product or Apple or something like that Oh, yeah. Or your phone or something like that. But do we agree to Alexa and Google Home and etcetera. Yeah. Right. Like people have yeah. People have fucking they buy wiretaps, and they install them in their house that are run by global corporations that coordinate with governments. Exactly. That's the first step.
But but would you agree though that from a overarching basis, if we're looking at trying to help the most amount of users, have some kind of decent privacy improvements with Bitcoin, the the on chain footprint is first place to start. It's almost the it's the it's the thing that's gonna be there forever. It's it's the lowest hanging fruit.
[00:40:13] Unknown:
Yeah. No. Absolutely agree. I mean, so and and sorry for kind of, you know, did I link the conversation to to No. I love this. This is great. Continue. What software you are using? But I just tried to kind of explain why why it is difficult to get joint markets to get started with joint markets first of all because it's based in these principles that you already through these steps before. Right? That you are your kind of software practice or, like, informatic technology practice is already kind of at level where you can deal with the command line. Right? But it's obvious this is not true for most people and, you know, you shouldn't be, spending that much time, I mean, for for an average or if you are not a software developer or like a Bitcoin fanatic like us. Right? So that's why we have these note packages and that's why I've I've tried to put it as easy as possible to just install from a menu, you know press a button basically, and then you are provided with an interface which is an interactive guide which which where you see the options what you can do, and you don't need to look up any unfamiliar syntax in the, in the command line, which is but it shows you what it does, but you can just choose what you want to do. You don't need to look it up. So this kind of approach is just an interactive guide, so you don't need to follow a tutorial, but the tutorial is inside there.
And I mean so I've seen that people do enjoy and and I I know a lot of people who have started to use your own market because of this. And then once you get used to it, it is it has such, a wealth of functions that you can do the most most things which other wallets do as well. And there are advantages of the architecture, how it is how it is built up. Because I the most important thing, I see with coin joints and as we've discussed before as well and which is somewhat kind of makes it complicated and what it is not present in in Waselby that you have this mixed debts or different accounts idea that you're separating the those coins which have not been mixed, those which have been through a coin join, and the change from those transactions.
And, this happens in join markets in a way that it has kind of a circular build of circular architecture of 5 accounts, also called mixed debts, where the coins are just tumbling through only only able to progress between an account from an account to another if they are going through a coin join. And the unmixed change from that transaction is left behind in the previous account and the coin join output is progressing to the next account. And, also, how the wallet is written, I mean, obviously, you have all freedom to do whatever you like, but the default is that you are not allowed to spend not allowed to merge coins between different accounts.
Meaning, you are not merging the coin joint outputs with the omnix transactions. And and this this is something which is, you know, the the basic principle of of dealing with joint market. And, also, it just needs a bit of understanding because you deposit some money, deposit some Bitcoin, and then it goes through a couple of coin joints and, oh, where where did it go? Where it didn't go, it's still in the wallet, but it's in a different account separated.
[00:43:55] Unknown:
So let's pull those back for a second for the freaks in the back who are completely fucking lost right now.
[00:44:01] Unknown:
Definitely.
[00:44:02] Unknown:
The the I I I think the the place where we should start here is coin control. Coin control is this idea that for a lot of the freaks, your wallet that you're used to using, on mobile or even, like, one of the mainstream hardware wallets, like a treasure wallet dottreasure.io or ledger, it they they hide they hide the the gory details from you because they want to make it easier for you. But what they do is is is really when you have a wallet and it says, let's say, it's it says you have 40,000,000 sats in your wallet. Really, it's not just 40,000,000 sats in your wallet. There's all these different transactions in your wallet.
UTXO's unspent transaction outputs is what we call them that add up to 40,000,000 sats. So you have, like, one that's 10,000,000 sat, one that's 5,000,000 sat, one that's 15,000,000 sat, and they're all coming from presumably different sources. If I if I pay if I pay Open Arms 5,000,000 sats and his mom for Christmas pays him 3,000,000 sats, his wallet says 8,000,000 sats, but, really, there's one transaction for me and one transaction from his mom. So if he chooses the transaction for me to spend it, if he spends it if he combines those together, then me and his mom both know he owns that other transaction. So there's this there's this,
[00:45:27] Unknown:
there was this I'm gonna
[00:45:29] Unknown:
Unfortunately, you should pay heuristic. Correct? Right. But unfortunately, in Bitcoin land, there was this push by all these software wallet makers to kinda hide that from the user, and it it was a major negative to privacy. So now we have wallets like Wasabi, you know, Joy Market already had coin control. Bitcoin Core has always had coin control. But Wasabi was, like, one of the first consumer grade wallets for, like, the average consumer that just fucking put it right in front of you. You you had to use coin control, they forced it on you, and you had to label everything. And labeling is important because in 5 years when it comes time to spend, you're not gonna remember which transaction came from me and which transaction came from Open Arms' mom, so you need to fucking label it. But the problem exists that if we're trying to increase adoption here, expecting a user to it's like the unfortunate like, expecting a user to, like, use critical thinking and logic for every transaction they make and selecting their their inputs seems like a lost fucking cause. Like, how many users can we expect to do that?
Is that is that am I wrong here? Like, is it is it am I just jaded?
[00:46:41] Unknown:
Oh, you're absolutely correct. I mean, the last last many, one and a half year, I was thinking about how to remove coin control. And what does coin control really what what's the purpose behind it? Like, what what what does this one to to actually do? And and, you know, yeah, I I I go into this. So, I think there are 22 very important things here is coin control. You want to somehow this is somehow avoid change. This is change avoidance. You want to avoid changes in transactions, and and and we will have a solution for that. But the other other thing is which which is which is the labels or or more more precisely, what you're really interested in is about not the individual coins in terms of privacy, but what you're interested in is the the wallet, the clusters that an outside blockchain analysis might establish from your wallet content. And that makes it much simpler if if you think about it. Because instead of having a 100 coin in your wallet seeing a 100 coin in your wallet now, you would only see a couple of clusters belonging to multi, connected to multiple entities who might know about those clusters.
And and I think we can do that. But even further, but, well, a long time ago, we realized is that, you know, there isn't money much difference between mixed coins. Like, there is no reason to have coin control for mixed coins except chain ex except for change avoidance. And and yeah. So I think we should be able to remove it.
[00:49:00] Unknown:
Yeah. But so two things there. Let's unpack that a little bit. First of all, that last point is one of the reasons why I've been so outspoken about equal output coin joints, or just some kind like, this idea that it allows you to almost press a reset button on a coin's history. You know, you have a wallet that has a bunch of UTXO's and you didn't fucking do any labeling at the time. You have no idea, where any of those came from. If you had a a effective coin join implementation that you could use, you could almost, in effect, reset all of those UTXO's back to a base where where it doesn't matter which one you spend.
So there's a way to kind of reduce the need necessarily for for stringent recording and coin and coin control usage by an individual. I I it it's it seems like it's mostly a dream still, but there's something to be said there, especially if you use it in terms of and we'll get into this later, but something like lightning. Right? Where you if a while, like, automatically turns turns an output that you don't know what the history of it is into a coin join output, resets it, and then opens a channel with it, and then you spend on lightning going forward to have, like, some kind of level of forward privacy. The first thing you mentioned, are you, like, implying that to have, like, a wallet that that almost runs, like, on the fly chain analysis on your on your UTXO's to group them together?
[00:50:34] Unknown:
Yes. Exactly. It's much easier to do if you know exactly the wallet content.
[00:50:41] Unknown:
But, I mean, that's that'd be very computationally intensive. Right?
[00:50:46] Unknown:
Oh, no. Because you know the wallet content. You know exactly what came came from where, and then you can apply some basic heuristic, like, common ownership heuristics and, you know, use labeling,
[00:50:57] Unknown:
though? Is that what you're insinuating? Like, you use the labels to group them together, or is is the user is the user providing any information here?
[00:51:07] Unknown:
Yes. You use the labels to to create the clusters.
[00:51:12] Unknown:
I mean, this this is quite quite simple thing if you see the transaction graph and you have the you have the history of the coins and you have, obviously, the wallets already together. Like, joint market has automatic labeling as well, and this exactly, by these principles with a very simple kind of couple of lines of Python script. It does label the UTXOs to to deposit, change outputs, a non coin joint output, a coin joint output, and like address reused and things like that. So so, I mean, it is a transaction analysis rather than chain analysis, I would say, because the it doesn't really go back in the history.
[00:52:02] Unknown:
Yes. That's a good point.
[00:52:05] Unknown:
I mean, it's it's kind of, I mean, would do we are we expecting, like are are are these, like, you know, so called compliance bros? Are we gonna have, like I guess I'm kind of just getting really tangential here, but I'm gonna come back, but do we do we expect that they're gonna have, like, merchant wallets that are designed to actually, like, integrate some of these chain surveillance companies to do, like, on the fly fucking transaction analysis as as you're paying them? Like, are are is this a concern? That's already happening with the exchanges. Right? I mean, you know, all the all all the ones which are flagging coin joints, you know, they But, I mean, are is, like, a are we gonna have, like, a pop popular mobile wallets implemented and shit? Like obviously the custodial platforms are already doing this behind closed doors.
[00:52:56] Unknown:
I mean, there is Perogales, for example, which does show you this kind of transaction analysis write up, you know, of the bet on the on the GUI of the wallet. Obviously, it doesn't go back into the history, but it's good. There is no reason to to not do that. But that's the point that it should make no sense to do it because it should be just a mess. That's what we are trying to, achieve to improve the entropy of these transactions and, you know, just then you are just, kind of, fishing in the in the modern waters for some kind of information that but there would be no nothing which you can find out.
[00:53:41] Unknown:
So so yeah. Yeah. Go. Yeah. That that's a good point that, you know, when you're mixing, then it doesn't have to do any chain analysis because on your mixed coins, the only thing that coin control does at that point is that you can avoid changes. And if you can implement something that helps the user avoid changes, then you don't need coin control for mixed coins. Now for not mixed coins, which are the labeled coins, that's where Chainalysis must be well, okay. So I I think we don't have a a choice here. Right? Like, one choice is that we don't do any coin control and any blockchain on any wallet inter wallets analysis. I'm I'm not sure how how to to call it, but that's that's a bad thing. Right? Because then everything is connected together like like in in normal valets. You eventually end up end up connecting together with common ownership heuristics or your UTXs. So that's not good. So you you have to have coin control then, or this kind of chain are easy too, which makes it somewhat easier than a coin control.
[00:55:02] Unknown:
I mean, the the one solution or or, like, help here is, obviously we are thinking along alongside that, you have a mixed coin and it doesn't matter which one you spend you spend and but unfortunately it's very rarely possible that you won't have a change. And then, okay, you have one change and you labeled that that you have you have paid for groceries or whatever, and then you make another donation for like HRF or anything, and then maybe you do send another one to tool project, which might have be seen, kind of it could be even illegal in your country. And then you have 3 changes like this. And then when you send these changes together, then it will be obvious to the one who you're who you're paying with this merge transaction that you've been paying to a project and the grocery shop and the, and HRF as well. And, also, we'll see that's how much it was.
[00:56:05] Unknown:
But Uh-huh. Unless
[00:56:07] Unknown:
Yes. I mean, that's where this kind of so called post mix tools or kind of the spending can be different like you can do with some implementations. For example, in join market, you can pay with inside a coin join. Also, you can use page join where the transaction amount is not obvious and also the common ownership common input ownership is broken as well. So, you know, there are ways to make that change coming from the spending of that, mixed UTX, so not be toxic so called.
[00:56:46] Unknown:
Yeah. Yes. So that that's a good point. So for example, page join is a is a somewhat of a solution to that. Mixing the change is somewhat of a solution. The question is, how would you avoid change without coin control? A then you click continue. And there is a you you don't send a transaction just yet, but there is a there is a there is a screen that that gives you 3 options. One of the option is you you you continue normally. Like, you send the exact amount that you typed in. The other two option is that you send a little bit less or a little bit more. And, you know, that little bit less and little bit more is not going to generate changes.
So I think that's an elegant way of of, trying to tackle this issue, and then we'll see what happens in practice. But we'll yeah. I I I'm hopeful.
[00:57:56] Unknown:
Yeah. And then also, another very obvious solution, which I do like to use now is to go to layers too. So you have a coin, which is a coin joint output, and especially in in June market, it can be any amount. Right? There are no mixed pools, but but no fixed amount pools, but you can coin join any amount you like. It will be an equal amount coin join, equal amount output, but only within that coin join. So you will have various various, sizes of coins in in your wallet, especially if you're running as a maker and you will allow other people to use your liquidity to coin join with. And you can take size UTXO you like. For example, I'm I don't know, will, want to spend, you know, £300 on groceries this month or let's see whatever, a £1,000.
So I take a UTXO which is slight slightly, which is similar to that amount which I want to spend in during a time for a similar purpose, and I open a lightning channel with it without creating a change. So there will be no toxic so called toxic change there at all. And then I don't I I keep this lightning wallet completely separate so it will be one pop key to that one UTXO, and I just spend it and I don't close the channel until I've spent all. And that would not create change again. And, also, if I didn't spend all the things for my groceries, it's something that I've been left behind that I can just use a soft service where it's, where I can get someone else's UTXO back for my lightning payment.
[00:59:39] Unknown:
But that that's a very good point. Rolling onto Lightning Network, the user doesn't care that much about how much money goes to the Lightning Network, and you can just get close to his intent and,
[00:59:52] Unknown:
hopefully, that's enough. Well, I mean, the goal I think for a lot of people in the space that a lot of developers I've talked to is is this idea that make every lightning, you know, channel open a coin joint, which could increase usage numbers. I mean, people have to open a coin, have to open a channel anyway. There's actually an incentive there, a nice incentive where it could be cheaper for them to open a channel into Lightning if they coin join at the same time and group with other people. And I I I think that kinda goes back to what I said previously, where I think the the first low hanging fruit goal should be reducing on chain fucking errors, because those are forever. So, I mean, we can go back and forth on the theoretical concerns of of Lightning privacy, which I think there are a lot of them. You know, New York City Bitcoiner and and friend Gleb, released, like, a paper a couple days ago on, I didn't wanna butcher his last name. It's like Numenko, released a paper on, like, lightning probing and all all these, you know, jamming channels and and trying to figure out channel balances and tracking lightning transactions, and pub keys are fixed right now. So there's a lot of there's there's a lot of concerns to me. Yeah.
[01:01:06] Unknown:
With the like are easy easy to prove. But you can use private channels and you can use parallel private channels as well, which, you know, makes it much more difficult. Right. But
[01:01:16] Unknown:
but but obviously,
[01:01:17] Unknown:
it's an important point. There. My my point is is my point is at least you remove that on chain issue. Right? You at least you remove that concern of that on chain footprint that's that's forever. Right? Like, that that that is that that is a major benefit there. But but I I just I just wanna pull this conversation back for a second, and I I posted a a but some people might think it was a, a theoretical question, but I don't consider it a theoretical question. It is something that I have to discuss a lot, behind closed doors, and I think it really brings the concerns to light about, like, what we're up against.
A lot of a lot of what people say is don't use KYC services, and and and we've talked on this on this show, a lot about the dangers of KYC and this information collection. And, I mean, I personally think, like, especially if you're not using, you know, you're not you're not using CoinJoin after you use a KYC service, you're, like, extra vulnerable. But let's forget about all that for a second. Let's pretend you're an activist or you're you're you're you're speaking to an activist in Malaysia, And oh, no. Fuck. I apologize. Myanmar. You're talking to an activist in Myanmar, Burma, and you have you have this military coup that happened. Right? They're cutting the Internet fucking they're cutting the Internet every night at curfew to make sure that their transgressions aren't getting released. They're doing active Internet surveillance on dissidents, and you're cut off from the banking system.
This is happening today. This exists today. We have we have protesters and activists on the on the ground there that that aren't able to get money in. If Bitcoin seems like a natural ally in that type of fight. But if they open the most common thing to say would be have them run a BTC pay server. Right? And they're running a BTC pay server, and they're accepting donations to that BTC pay server, they're gonna have so many little UTXOs that they have no idea where they came from. And to, like, this like, to expect, like, an activist on the ground to be able to run use prudent coin control, that kind of situation, seems completely impossible.
Like, am I am I wrong there? Like, is there is what is there a disconnect there? Like, what how what's what's your perspective on that?
[01:04:06] Unknown:
I do like that question on Twitter, which you posted about, you have you have the situation and what you recommend. And, I mean, the the consensus seems seem to be, which I do agree as well, that I mean, if you can do use Lightning, I mean, it could be even custodial, right, if you are not exposing if if it's not. But, I mean, it has an online require requirement. But you might as well do it since, like, proposing a new address every time would need that kind of online requirement anyway. And I I know where this goes. And also there's a question in the chat about pay names, which do, kind of deal with this that you are providing a new address automatically on the communicating on chain, basically.
The thing is you have these outputs which now are in your wallet. And, I mean, putting aside the concerns with PayNim that, you know, how you recover recover the wallet and, you know, how much it is compatible with the implementations, etcetera. I mean, this is this is, you know, getting getting very technical. But when you when you're merging these transactions, you are in the same place. Right? If you if you receive transactions through a pay name and you just take and merge them, how does it not connect the sources?
[01:05:38] Unknown:
Right. Pay NIMs have the same issue. Pay NIM solves Pay NIMs attempt to solve the PayNIM's alternatively it's it's it's Bitcoin's version of stealth address, which Monero has implemented. I kinda wanna see Liquid implement stealth addresses. I it's weird that they haven't yet. I think that could be, like, a killer feature, but I digress. The the the key aspect is you should and and this is something that that I hold very dear as a as a as a goal that I think I would love to see software developers focus on, besides Samurais, is this idea that you should be able to post a text string, without any hosting requirements that allows people to pay you in a relatively private way on Bitcoin.
And that's what PayNim's attempts to solve is is is this idea that, like, an activist who is who has, you know, a authoritarian government that's actively trying to destroy their way of life is gonna be able to run a 247 BTC pay server and manage, you know, liquidity constraints on lightning is fucking out of out of you know, never gonna happen. Like, that is just not a realistic expectation. Can they post on their social media? Can they post a single texturing? In this case, you know, the a a Paynam name or a payment code, which is really the PayNIM name links to a payment code.
Yes. Like, that seems very reasonable to me. The main negative of of PayNim is that they have this on chain it's on chain. And and so right now, you have this notification transaction with current fees. I mean, you're talking $25, $30, just to activate that process. Right? We just saw HRF just added Pay NIMs. If you wanna donate to HRF, you have to pay this this first you have to pay this notification transaction, which is is gonna get more and more expensive as Bitcoin pumps and as fees pump. And at the top of that, what you mentioned, Open Arms, you don't solve the after issue.
Right? You don't solve the issue that the that the activist is sitting on a ton of a ton of UTXOs that that, you know, they have to practice prudent coin control or go into CoinJoin at that point. Right? Right. 1 by 1. 1 by 1. And and anything that's underneath the lowest CoinJoin, amount, they wouldn't be able to unless at at join market, they could. Right? Exactly. No such thing to join market. Right. Yep.
[01:08:10] Unknown:
I mean, as 16102 mentions, and also as I wanted to tell the next thing is that you would need to have some kind of way to, communicate your donation place. Let it be a website or an email or somewhere where people can ping you. I mean, you can just publish
[01:08:30] Unknown:
Bitcoin addresses, you know. It is what Belcher does.
[01:08:33] Unknown:
Yeah. Exactly. It's so simple. You just need to have a website which on on a click maybe with some, you know, spam protection or like, you know, you need to solve a capture or something to to acquire it. You just dump thousands of addresses from your wallet, and you put it in a in a rolling basis.
[01:08:55] Unknown:
But then you're still running a 247 server to serve them up.
[01:09:00] Unknown:
Yeah. But the the the service requirement is what is, like, you know, serving a text based web page. That's I mean, you must be able to do that. Or that could be a Telegram bot, you know, or it could be I mean, it depends what kind of communication you are using. Right? But you see that you see see the significant advantage of something like a stealth address. Right?
[01:09:20] Unknown:
Yeah. That this is fixed. Yes. Yes. You can post you can send out a single tweet. It just has your stealth address on it, and every person who pays you automatically gets a new derived address. It's certainly much better than using just a just a fixed address because that's the other alternative.
[01:09:38] Unknown:
You know, there is there is not even a question. You cannot stop merging everything which comes to the same address, obviously. But then, yeah, I mean, that's that that is not a good solution, but that is that was so far the
[01:09:56] Unknown:
the way people did it. Right? I mean, custodial lightning, you mentioned that, is fucking great, in terms of privacy. I mean, it's not great for trust. It's custodial privacy is what it is. I mean, you're you're you're trusting whatever the custodian is with your privacy instead, and also regulators are just gonna crush that shit. But it is an it is an interesting point that you made because I think Bitcoin's privacy shortcomings were kinda hidden in the early days because we had so many custodial services. And then we made this push to self custody, which is great, but it comes with this privacy trade off. Right? Like, if you use the custodial service, there's no the on chain footprint issue is solved ish ish.
[01:10:41] Unknown:
Yeah.
[01:10:42] Unknown:
No Power, what's your opinion here? Donations, activists, you know, with Did you agree with me that this should be, like, this should be, like, the most obvious Bitcoin use case?
[01:10:55] Unknown:
I agree that there is a problem that stat addresses address, and actually 2 problems. Right? One is how do you accept donations privately? And as OpenOM said, there might be other ways like how Chris Butcher does it. But the other other big big big benefit of of stat addresses is is the user experience. Right? Like, you you basically save 1 round trip from with with another person, because they don't have to give you your address because you already know how to communicate value to them. So, yes, I'm not sure what what way it it will it will end up being I mean, I I hope this will be a standard at one point in the future. I'm just not sure what what standard we'll hear be. And and, actually, I would like to even go further and bring pay to endpoint in in into the conversation because, you know, pay join, in my mind at least is just one application of pay to endpoint.
Because what pay to endpoint really means is that you have a a peer to peer channel communication channel with another person. So I would I mean, just if if I would have to write something today regarding this, then what I would do is I would I would create I I would just just let users to pass around Tor addresses and and and then communicate there. And and the problem with that, of course, that what if the other person is not online? And my answer to that solution is that answer to that problem is that I don't think we have to address that problem because everyone's gonna be online.
I I'm not sure. Maybe it takes 5 years, maybe 10 years, maybe 50 years. But at one point in the future, in our lifetime, everyone's going to be always online. So that should not be a a problem, I think. Do do you not see, like, in a hostile environment?
[01:13:33] Unknown:
Page 1 has the same issue? Like, in a hostile environment, to to expect to expect someone to run a server 247 in a private way, it's like so it's a way it's a way greater ask to expect them to be able to do that without completely doxing themselves. And we already see it happening where if you try and use any kind of professional server unless you're using, like, not all, like, fucking keto miners, dope ass, fucking, you know, pay Bitcoin with no KYC whatsoever. We see creeping KYC happening on all of these server providers.
[01:14:09] Unknown:
Oh, oh, sorry. Sorry. I wasn't clear. So what what I wanted to say is that I I think we are gonna be online not with servers, but with our our laptops and our mobile phones, they gonna they gonna be online all the time, and and we won't have this problem of having to set up a server.
[01:14:30] Unknown:
Right. I mean, Tor helps in that regard. Right? Because Tor, you can actually, in a relatively private way, host some kind of page or something directly from your device without a server. I just wanted to show real quick on the screen, this is from NetBlocks, which tracks Internet freedom around the world. And this is this is the Myanmar government turning off Internet every night. They turn off the Internet every fucking night for the last 18 days they've been doing it. Like, this is this is not a this is not a theoretical thing, and it's gonna become more and more common that that when there's protest movements, the Internet's gonna get cut. Do we agree on this?
[01:15:19] Unknown:
Of course.
[01:15:21] Unknown:
Yes. I mean, in, you know, the more or less connected society to start it, the bigger problem it is, of course. I mean, you will have, like, satellite, machinist works, ray ham radios, etcetera. But, yeah, of course, it is a problem. You need to be able to to publish, like, you know, again, this is now getting into a difficult UX question, but again PGP signatures come come into mind here that if you can verify if you publish, you know, across many different, media or, like, social networks or anything, signed messages with Bitcoin addresses that, you know, this is the donation address of my of of that, kind of organization leading donations.
And then you can you can verify it, and you can see also if it was used or not. I mean, it's not ideal because, you know, you would,
[01:16:23] Unknown:
yes, in adversity, you would just be able to collect all of these addresses and obviously It doesn't give you any real privacy benefit over just posting a static fixed address. I mean, it's not obvious on chain at least. The attacker would have to actively pull them. Right?
[01:16:36] Unknown:
Yeah. Yeah. That's that's the only benefit. Yeah. I mean, you know, it to be honest, I mean, a single address does come into play here as well. But, yeah, a status would be advantageous, but also what what what is the so how many times if when you donate someone, do you are you intending to donate monthly or like weekly? You you usually just send a one off transaction. Right? So, I mean, I know that there is a proposal now improving b 47 that there which would require no notification transaction, but then it would need this tour channel, which tour Nupurra was mentioning, which would need to communicate with the with the senders. So either online or you need to communicate on chain only. Well, you could have, like, a coordinator
[01:17:22] Unknown:
just like we do for the chamion coin joints. You could have, like, a blinded coordinator that's that's serving up, instead of the notification transaction. Right? But let's Do you see what I'm saying? Like, the activist doesn't necessarily need to be online in that scenario. They could just be as long as regulators are fine, and it seems like they they're they it's everyone's walking a very tight rope here, but it seems like regulators are fine with these blinded coordinators. As long as they're fine with blinded coordinators, then presumably we could have a blinded bip 47 coordinator.
[01:18:06] Unknown:
Well, I mean, you know, I'm no expert on this, but it's probably things which, like, PLCs come into to mind as well that, you know, you might just use use an Oracle tweaking or sorting your address without it knowing it at all. But, you know, this is not available at the moment, or I wouldn't know how to set it up for sure.
[01:18:28] Unknown:
Okay. This has been great so far. I wanna keep the conversation moving. I have a bunch of topics I wanna hit on the scratch pad. CoinJoin flagging. We're seeing this happen more and more. Block BlockFind now is, like, leading the way in, like, the most draconian, screenshots. I mean, what is it? The Block 5 prohibited transaction screenshot that is circulating? I'll put it on the I'll put it on the screen in a second. This idea that that we have these regulated companies, that are flagging CoinJoin usage both on deposits and withdrawals. Some are doing it only in deposits, some are only doing it on withdrawals.
CoinJoin is obvious on chain. It's very obvious on chain, by design. What where what is your guys' perspective here? Should we expect like, I pretty much now I'm operating under the expectation that I just expect every single regulated entity to just not accept them. And and and that's coming from a person who's every stat I hold has CoinJoin history. So it's not FUD.
[01:19:44] Unknown:
Yeah. So, I mean, it's same here. I think, you know, at currently, just to be clear, this is always, to my knowledge, an overreach from the from the side of the provider. There is no legal requirement to flag coin joints because they are only missing the history. They're not I mean, at most most of the cases, they don't have it's, like, not taint in the classical sense that, you know, you have been paying a darknet market before and the transactions are connected. But it's just the fact that you wanted to be private, And there is no requirement to not accept these kind of transactions. Because as I've said in the beginning, you know, if we wouldn't do this, then we are coming to such a state of surveillance which have ever been seen before, and we have certainly wouldn't want to be the part of that. So these services, I think, you know, just avoid them. There is no reason to use any of these.
[01:20:51] Unknown:
No, Paul. What's your opinion here?
[01:20:55] Unknown:
I have many. Not even sure which ones to start with.
[01:20:59] Unknown:
Oh, we have time.
[01:21:01] Unknown:
If if if we want to boil down the the whole issue to to one question, then this is the question is, should pry seeking privacy be considered suspicious? And, well, unfortunately, the answer for many of these services is that yes.
[01:21:27] Unknown:
However
[01:21:30] Unknown:
or or maybe not not however, but as far as I can see, it there is no solution to this no technical solution to this, but only social solutions. Because if you if you think about it, let's use Monero. Right? That's that's the first answer. Well, if you are using Monero, then you are privacy seeking, so you should not be in that service. So they decide to not even implement it. That's a problem. So maybe I'll advertise Monero in a way that it's for never mind. Okay. So so what test do we have here? We we have coin joints, which which is which which are obvious on chain and that nothing's gonna fix that.
We have pay join and coin swap. Those are different things. Actually, pay join is a kind of coin join, but but in the sense, they are the same things because what page join does is it joins your history in the eyes of blockchain analysis with another person. And what coin swaps do is it swaps your history with another person. So, well, it's not obvious that that coin swap or page only happened. But the problem is that if you are swapping with the wrong person, that's that's again a problem. So so I don't oh, and there is lightning network. Actually, the the electrum Electrum tool developer, said in a conference a couple of years ago that, you know, lightning network shouldn't even be called lightning network. It should be called the dark network because it's just, it just it's basically a social solution to to the is privacy should be should be suspicious that you can say, well, I'm transacting with Lightning because I want to I want want it cheap, and I want it fast.
But on the other hand, I mean, there were lightning network know your customer and and and and and similar,
[01:24:10] Unknown:
things are already going up. I mean, I think I think we're gonna see I'm not trying to, like, it's it's so it's super frustrating. I, you know, I do it to myself. I'm a little bit of masochist. I like talking about the hard topics, so I tend to have, you know, I I tend to dive right into every single drama topic, and, you know, so I get chirped out all the time. But I do expect, you know, I think we're gonna watch lightning. We're gonna watch regulated companies try and capture the fuck out of lightning, and the governments that they report to try and capture the fuck out of lightning. Like, I'm talking about, you know, pub keys that are white listed versus pub keys that are black listed, like big documents, you know, databases of of who's using what, channel capacities, all this different stuff. But I but I do agree that, you know, Lightning has significant significant privacy improvements, that that could be taken advantage of there. I do think 2 things here that I think I'm kind of curious on your opinion of from from both of you is, the the the first thing is I think, ultimately, my expectation is that regulated entities are gonna basically at at least discourage self custody, across the board, if not completely not allow it. Right? And we already see that happening with services like Robinhood or PayPal where you can't withdraw.
They might allow you deposit, but they won't let you withdraw Bitcoin and hold it yourself. I think that's the natural end goal if we have any kind of Bitcoin, as as as it becomes easier to use Bitcoin privately, the natural end goal is gonna be that they're just gonna try and cut it off, and they're just gonna try and make it so regulated entities only let you have numbers on the screen and pay approved people or pay approved merchants, yada yada yada. The second I almost I feel like we should reframe this whole discussion. I don't think the fact that CoinJoin is obvious on chain is this massive negative.
I mean, the standard for protecting speech is encryption. If you if if you use encryption, if I send Open Arms an encrypted message, it is absolutely obvious to anyone watching that that message that we're using encryption. They don't know what the contents of of of the message are, but they absolutely know that we're using encryption. How is that any different than them absolutely knowing we're using CoinJoin, but, you know, if the implementation works well, they they they can't tell this, you know, the history of the funds? How is that any fucking different?
[01:26:52] Unknown:
That that's exactly the same. Right? It's the question of should seeking privacy be considered suspicious, and and and the best way would be that if seeking privacy would be the default, then no one could be able to make this argument. Right?
[01:27:12] Unknown:
Open arms. What's your perspective here?
[01:27:15] Unknown:
Well, I I I agree that, you know, lightning paying with lightning does have much better values here because you just don't see there is no way to see where the sets are coming from. So the sets on lightning are much more fungible. And this is because you would need active real time surveillance to to prove all the public channels and even then you wouldn't be able to see maybe you would you could estimate where, you know, which was the first public channel where the payment is coming from, but this adoption increases as the number of payments increases as we introduce, you know, some kind of, things which do fail payments randomly, for example, or, like, you know, rebel ultimate rebalances and things. They do change the picture so often and, unpredictably that this is, you know, this is not really realistic. It's just very good to, know, have these articles, researching it and, you know, I love to read them but also it it is to see the pain points and, you know, be able to to work more on it. So and lightning is is is I see it as a solution at least to spend.
But then the same thing applies that if you don't apply if you don't allow coin joint payments or coin joint funds to be deposited, then you wouldn't allow lightning deposits either. And if you can see it, this, for example, with the with bottle pay is like, you know, came to the UK market straight on, and in a couple of days they started to block coin joints because they probably, you know, did it from I mean, yeah, I I I didn't go into that why, but it's a bad thing. And they allow lightning trans lightning deposits, but it's very limited. Like, you can like, a couple of pounds you can deposit only. Right? So obviously it's it's it's the same thing. If there is even there there is a thing which could be private, or let's see that you know why would anyone allow Monero deposits if they don't allow coin joint payments and lightning deposits either.
So it's the same problem. We need to step step up and Can I just iron, steel man that for a second? Okay.
[01:29:51] Unknown:
Well, first of all, disclosure, I am a Pfizer of, bottle pay and have a small equity position as a result in that. Okay. That is not a there's the that agreement has no endorsement, or paid promotion involved in it. My goal is to try and make that product as possible, so just I want that to be aware. You know, obviously, I disagree with with their idea to to to Blockcoin join, deposits. I I literally cannot use the service besides the fact that it's UK only, but I could not use the service, to deposit funds into, because of of my CoinJoin history.
So I wanna steal, man, your your thing about so I say this all the time too. I agree. The the the ultimate the ultimate end goal is, like, if if, if a service is gonna discriminate against something that is privacy preserving deposit, they're gonna do it across the board. A Monero promoter would tell you though, and they've told me many times, and it's actually a very valid point, I think, and I'm curious on your opinion, is Kraken's a perfect example. Kraken has accepted Monero deposits for years now. Also, at the same time, they have active contracts with chain surveillance firms, where they are discriminating against, user deposits. Right? They're, like, checking Bitcoin history, but at the same time accepting Monero deposits.
So is there is that true? Are we correct in that regard? Or is it just, like, a a low time preference thing, like, it'll happen eventually, it just hasn't happened yet?
[01:31:31] Unknown:
Well, look. Bitfinex does, allow, KYC free lightning deposits to no limit, and you can withdraw Bitcoin as well if you pay the fee. You can even withdraw liquid or you can do the other ways around to deposit liquid or lightning and withdraw a light or liquid. Yeah. So any combination. Right? You don't even need to KYC for it. But that doesn't prove the point that if you want to if you are allowed and we don't step up to stop you know, if we allow people or governments to strip us from our rights to be private, then we are in the Orwell 1984. And, you know, that is not acceptable, and that's not because of the if the technology is flawed, but because that's what the regulators put to us.
[01:32:33] Unknown:
You know, ultimately, there is maybe only one one solution that I can see is that we build better sheet, we build build better software, and we outcompete them. And if if we are right if we are right about that, users are going to choose our solutions because we are better than they are going to choose our solutions. And and, well, privacy becomes the norm and not a not a crime.
[01:33:08] Unknown:
Yeah. I mean, need to continue to maximize the ability to do peers to peers transactions freely, Freely as in freedom. And then, you know, we can oppose the regulators because we don't need to use services. We don't need to participate in k y KYC. I don't even need to consider sending coin coin join UTXOs to to the exchange because I don't use exchanges. And Right. Not going to be either.
[01:33:36] Unknown:
A lot of new coiners find it hard to believe, but I have literally never deposited any Bitcoin into any regulated service ever, period. And I have no intention to ever do that in the future. It's an exit. You have to exit the system. But do you agree here well, I guess, do you agree that there's, like, a sense of urgency here? Like, I feel like there's a sense of urgency. Like, we need Bitcoiners to be aware of this shit. They need to be aware of it yesterday, and they we need to increase adoption. I'm about to pull up a this is Kraken, you know, they have shitcoin issues, but, Jesse Powell, the Kraken founder, has been very outspoken about information collection and being against that and and pushing back against government overreach.
And in that regard, they're they lead the way with their information disclosures in terms of of how much information is asked, from them from governments. So I'm putting on the screen for the people who are watching live or watching the video version, This is their law enforcement request. It's a fucking issue, man. Like, this is crazy.
[01:34:49] Unknown:
Well,
[01:34:53] Unknown:
yeah, you shouldn't expose yourself to this. And, you know, raising awareness of it and explaining why it is important, I think, you know, I I I try to do, for example, like, regular tweets about what's the value in coin joints. You know? And I do believe that fungible coins are more valuable, the ones which are trace traceable and tied to an identity. And not because, you know, one you can sell and exchange another one not, but because the fungible ones you can spend as you like without exposing your history and exposing your your position and privacy.
[01:35:30] Unknown:
I I think I think Matt is is is coming back to to the same same similar topic all all the time, which is I think there is a there is a there is a conflict between some developers who who acknowledge that trusted third parties are security risk, and so we should stay as far away from them as possible and not do anything. But on the other hand, you know, celebrities are posting about Bitcoin. Elon Musk is is bringing up, bringing in a flood of new users. And and, you know, if you think about in it it that way then, sure, trusted third parties are security risk.
But how can you maximize the good that you can can do? And that would be like like trying to be a user friendly applications that well, at at first, make sure it's non custody. Hopefully, I I think that's that's a good line there. The other thing is try to improve your the privacy of your users. What else do we have? Oh, yeah. The people at the Lightning Network, they want to fix the scaling issue. And and the last last front here, which no one really talks about anymore, is that decentralized the miners, because we kinda lost that far at at this point.
So so so, yeah, there is a sense of urgency. Right? And and if we we consider that we don't don't touch any any any trusted third party, we don't consider them at all, then, you don't maximize the good that you can do in the world. However, just just just solely on the blacklisting list issue, I I I believe if we build stuff into our software that is that is considering the blacklisting, then that's the lowest level where we can be at staffing to and acknowledge the blacklisting issue, and and that's that's that's how you lose it.
[01:38:09] Unknown:
I mean, look, I a 100% agree. We've said this on the show a 1000000 times. Trust your parties are security holes. You wanna use trust minimized services as much as possible. Anyone who uses the word trustless is probably acting in bad faith because there's very few things in our life that actually have zero trust whatsoever. But there there is an interesting disconnect between, Bitcoin Twitter and the real world where we see the overwhelming majority of of privacy seeking Bitcoin users, especially before Wasabi existed, but even now, choose to go with custodial mixers, which have, you know, obviously, like, they've they've been accused of being honey pots in the past. You have to have complete trust in them, but they they a 100% break the the transaction graph. So I I would there there is there's a nuanced argument here, and and and Open Arms kinda said it on, on his own. Right? And someone said in the comments, I think it was I think it was Kiteminer said in the comments, Wallet of Satoshi, like, could custodial a custodial wallet, provides a a level of privacy that that that breaks that transaction graph, but then you have to trust that entity. Right?
[01:39:37] Unknown:
Yeah. You know, that's that's a huge mystery for me because you asked me what I learned. And one of the assumption that I had when launching wasabi is that, you know, it's it's it's just like custody on mixers. It's just does not need a third party trust, and it it and it's it's non custody. Yeah. And, you know, I thought that, well, I'm gonna launch for savvy, and everyone's gonna come right away and start using it. But that didn't happen. It took, like, a year to get a decent volume at wasabi, and and and the castor diar mixers are still the the the majority of the
[01:40:26] Unknown:
Like, it's not even close. Right? Users. They're they're having they have way, way, way more volume.
[01:40:33] Unknown:
Exact exactly. Actually, I I I did calculations. I I don't know if they are correct, but back then my calculations were that if we have 100 people in the coin join, then taking the cast of the almixer volume, we would be able to do a 100 people coin join in every 3 to 5 minutes. Well, we are not there.
[01:41:00] Unknown:
Open Arms, do you have an opinion on this disconnect? Like, I feel like there's, like, a massive disconnect between, like, the users and the the, you know, the so called Bitcoin fanatics like you call them.
[01:41:13] Unknown:
Yeah. I mean, I'm not sure how we can prove the the volume on on costidore mixers. I mean, wouldn't that be just, so called, like, wash wash mixing, so called? You know, you just,
[01:41:25] Unknown:
Yeah. I mean, there's the it's it's I mean, look, to if we're gonna be frank, we we can't we can't really definitively prove the the volume of any of these tools. We do. Because there there is an incentive that is is is built into these centralized, coordinated coin joints to inflate volumes, and and you you can absolutely, you you can you can absolutely, inflate volumes on join market as well. Right? But if you look at, like, Bitcoin talk signatures and stuff, Bitcoin talk conversations, dread, like you look at the forums, you look at, like, the dark net market forums and stuff, people don't realize like the 1st custodial mixer, the 1st really widespread used custodial mixer was Silk Road. Right?
You see the users talking about it. They're use they're people are using it.
[01:42:22] Unknown:
Yeah. Because it's easy. I mean, the other other thing is to is just how small, but incentive to participate. I mean, you know, I I I feel that with the Lightning Network as well as with joint markets that you can without giving up up custody of your funds, you can participate in something which you can think I think it is beneficial either like providing liquidity on the light network for routing and people to pastry or for coin join liquidity in in join market, and you can actually earn make some set of shoes out of it. It is a good feeling. And it also, you know, happens because you have these people who have this mindset that you your money should do something. Right? This comes from a fiat mindset of basically from an inflationary currency. But there are these things which you can do without giving up the custody and your security of your funds and even you can I mean, for both things, you get you get some usefulness out of it? If you have your funds on lightning, you have basically the most liquid way of having Bitcoin around in your custody. And in coin join, as even as a maker, as a liquidity provider, you are increasing the privacy of your of your funds.
[01:43:37] Unknown:
Well, so just to be clear here, so 61 2 asked me or asked all of us in the live chat, what is the incentive to inflate joint market volume? I didn't mean to really so the incentive for coordinated coin joins, like Wasabi and Samurai is to make it seem like there's more people using it, and then they those coordinators make more in fees. And in Wasabi, there's actually because the fees scale up with the the more the more inputs in a in a coin join, there's actually a reverse incentive where if if they were to increase the volume, they would make more in fees in addition to just making it perceived more common.
With join market, that's not the case because you don't have a centralized coordinator, you have this maker taker structure. What I meant to what what I meant is I didn't mean to imply that there's an incentive to to to in inflate joint market numbers. What I meant to say is is that the volume numbers should be treated as an upper bound, because you can a let's let's run through a hypothetical. A hypothetical being a major chain surveillance firm that is valued at $3,000,000,000 is is is providing maker maker liquidity on on join market to have a better insight on what's happening over there.
And they're also running a taker bot that runs through the maker to make it seem like more people are using join markets, so people feel more comfortable and come over there and end up using them as a maker. So there there it should it should always be treated as the upper bound. It should not be treated as a hard number. It should be treated as, okay, we know there's not more than this volume. There's there's there could be as much as this volume, but it's probably somewhere below that. Would you agree, both of you?
[01:45:33] Unknown:
Yeah. Yeah. Of course. It's just, you know, obviously, this entity would end up paying random makers, you know, money which is, I mean, you know, they they got the service because they paid for it. Obviously, this is not good. But then you would yeah. Also you don't need to be closed into one of the, you know, gardens of one solution to this. Not speaking of, like, one coin joint implementation and also not speak about one privacy technique. Right? You can combine nowadays. I think I do think there's a best is to coin join and go to lightning. And then when you go off go from go out from lightning because you close the channel with the balance, you go back to coinjoin. And then again, you only have to only open another channel when you have CoinJoin those funds. And, you know, it's just, you need to jump between these things.
No problem.
[01:46:34] Unknown:
Yeah. No one really talks about this. Do you agree with me that there's a broken incentive? Like, I I I I believe you guys are I I love your team. I don't think you're I would never call you a spook. I I I don't, I don't like that that these things always devolve into personal attacks. But do you agree with me that, like, that as as a coordinator in the Wasabi implementation, the coordinator is able to they they have a broken incentive where if they inflate the volume numbers, if they run their own funds through Wasabi, the the fees are increased?
[01:47:11] Unknown:
So I I actually would like to go even deeper into this this topic with you because because if so so so I was research I was trying to familiarize myself with your views. And and if I'm not mistaken, then this topic is your main criticism of Wasabi. Is is that correct?
[01:47:40] Unknown:
My main criticism is is that mixed with the fact that I think the user defaults, which we we touched on earlier, I think the user defaults are are are are not adequate. Like, I feel like when I onboard someone onto Wasabi, I have to tell them, like, a bunch of a bunch of best practices that they have to change after they get onboarded.
[01:48:04] Unknown:
Oh, alright. So let let let's let's stick with maybe this topic at first, and then we'll see where we are going from here. So, let let me see. Maybe I just I just bring up a few statistics that may be may be relevant later. No. I mean, before we get there, just, like, really quick, like
[01:48:26] Unknown:
like, Wasabi fees are based on the number of inputs in a in a round. Right? They scale up. If if I if it's a 100 person if it's a 100 UTXO round, it's more expensive for the user than if it's a a a a 25 person a 25 UTXO round. Right? Uh-huh. Exactly. And And the fees are paid to the Wasabi coordinator, which is the the coordinator itself. So, obviously, it's not providing civil resistance to the coordinator itself unless unless on chain fees are high. I'll give you that. But on chain fees have not been high in the past.
[01:49:01] Unknown:
Oh, okay. So that's that's where we are diverging. Okay. Because I agree with you that there is an economical incentive for the coordinator to do to to participate, but I do not agree with the implications there. But anyhow, be because because it's would you like to say something else?
[01:49:25] Unknown:
No. I'm not I'm I'm letting you speak. I I I just it's it's not that I'm not trying to accuse you of doing it. I'm just saying that, you know, that's what makes it trust minimized service rather than something that's trustless. I mean, you have to like, we're trusting that you're not sibling your own rounds.
[01:49:42] Unknown:
Uh-huh. Okay. So would you mind explaining what do you mean by CPL attack?
[01:49:53] Unknown:
I I mean, filling the rounds with your own UTXOs to increase the fees of of your own rounds. Right? Because because the the the historically, as a user of of Wasabi, I paid you a large amount in coinjoin fees, and those coinjoin fees are significantly higher than on chain fees I paid. It's it's not even close. Like, the like like, when the on chain fees flip the CoinJoin fees, then that's a a proper incentive, and I think that will happen in the future. It just has not happened yet.
[01:50:33] Unknown:
Alright. So the the intuition there is, if you think about it, let's say, 99 honest users and one coordinator peer. And and the question is, does it make sense to add the coordinator peer there? Do we do we get would we get more money out of the the coin joints than what we put in? Right? That's that's the question.
[01:51:00] Unknown:
Right.
[01:51:01] Unknown:
Yes. And and the answer is yes. We would get more money, out of the coin join if we would participate. Okay. So let's let's look at the lower end here, which is there is only one honest user. So would it make sense for us to to add the coordinator peer?
[01:51:26] Unknown:
What do you mean?
[01:51:28] Unknown:
I mean, if there is one honest user, does it make sense the coordinator to coin join with that honest user?
[01:51:37] Unknown:
Well, I mean I mean, that that that is User pays for it. Yeah. What was that, Openoms? The user pays for it. Of course, it would. Yeah. It would still it'd still be worth it. You'd still make money.
[01:51:49] Unknown:
The coordinator also pays network fees.
[01:51:53] Unknown:
Right. If if if network fees go up if network fees go up, which they have been recently, then then all of a sudden the incentive starts working itself out. But historically and also the other thing is if rounds are routinely full, if they're hitting the 100100 UTXO cap, you're leaving fees on the table if you try and come in, but both of those things haven't been the case. The other thing is this is not just Wasabi this is not just your coordinator. There there are other coordinators that you can use with Wasabi. All those coordinators have the broken incentive to inflate their own volume.
[01:52:36] Unknown:
Oh, okay. I I just want to to go exactly precisely into what the incentive what is it incentivizing for because, you know, it's it's not that hard. And and if you think about it, not think about it, average network fees per user in Vasavi coin joins in the last month was $2, and the coordinator fee, per participant, per anonymity set is $0.16. So what we can get out of this is that 99 honest peers all pay $0.16 for 1 more coordinator peer. Right?
[01:53:25] Unknown:
You're implying that the network fee is more expensive than the coin joint fee.
[01:53:31] Unknown:
Oh, I'm I'm no. No. No. I'm I'm implying exactly what are the network fees here and what are the coin join fees.
[01:53:38] Unknown:
The when when if the user uses Wasabi, the coin joint fee is the significant expense. Is that the the the fee I pay you is significantly more expensive than the fee I pay the Bitcoin miners. Right?
[01:53:52] Unknown:
I'm not sure that's the case, but I don't think that's relevant.
[01:53:57] Unknown:
That is the crux of the that's the crux of the incentive issue. Look. I I and I I wanna be absolutely clear here. Any centralized coordinated coin joint in my mind does not provide civil resistance against the coordinator. If the coordinator wants to attack you, the coordinator can do so at minimal cost because they don't have to pay the CoinJoin fee regardless. My issue is that in the way Wasabi is implemented currently, the there is actually even worse than that because there's a direct financial incentive for the coordinator to increase the for the coordinator to push their own volume through the system.
[01:54:40] Unknown:
Yeah. Yes. Exactly. It's just it's just not not not a silly incentive, but, you know, because do you do you understand why it doesn't make sense for the coordinator to participate if only 1 user there one honest user there is because the coordinator piece pays more network fees than the than how much the user would pay for coordinator fees.
[01:55:13] Unknown:
I don't think that's the case. I think I think the coordinator fees outpace the network fees currently. No. No. I I I see what you mean, but, you know, this is an extreme extreme
[01:55:23] Unknown:
example of having just one honest user but let's say we have 50 honest users and you have 50 from the coordinator then, you know, you would increase the reward with 50 times. Right? Significantly.
[01:55:37] Unknown:
Even if you weren't trying to deanonymize them, you're just trying to make money. You're just trying to print money.
[01:55:42] Unknown:
Exactly. That's where I'm going with it. Right? Like, first, we guide some in the 99 honest peers plus one coordinator peer, and one more coordinator peer would add $0.16 gets $0.16 from every Anna's peer. So that's 99 times 0.16. Okay. And and on the other end, when there is only 1 honest user, then we also established it doesn't make sense, the coordinator, to join in. So somewhere in between, it makes sense. Can can you guys follow? Yeah.
[01:56:31] Unknown:
Look. My my point is is I I think I think as on chain fees increase, that provides a natural civil defense to the centralized coordinators. It just has not been the case so far. I think a fixed fee to enter a CoinJoin liquidity pool is as a a way better incentive in this scenario, because increasing volume doesn't get you more in fees, period. I I I I think as a Wasabi user who paid significant amount of Sats to you guys, like, I I I don't even want to go back and count how much Bitcoin I paid you guys. Like, I paid you guys a lot of fucking Bitcoin to provide me privacy improvement.
That was based on a perceived an onset. Okay? It was based on how many people were in my round. And all of a sudden, there's this incentive that's been there from the beginning that the coordinator can be adding to that perceived onset when it's really not I'm not actually getting any privacy gain from that, but I'm paying for it. And then on top of that, the average user, because of the way the defaults are set up, are going, and they're they're they're ruining their forward privacy, which ruins my Anans set going forward. Right? So if I if, let's say, I have 30 Honest Peers, and those 30 Honest Peers, you know, 15 of them send their funds into BlockFi, and, you know, 5 of them send it to OpenOM's mom and then, like, 2 send it to someone else. Like, all of a sudden, my Ananset is, like, 3, and I don't even fucking know. I have no fucking idea. It degrades rapidly, and I'm paying a premium for it.
Do you does does that issue not make sense?
[01:58:33] Unknown:
I'm I'm I'm not sure I'm following.
[01:58:38] Unknown:
So so to be a little bit more productive, Wasabi 2.0, is coming out hopefully in the next, like, 6 months, right, or 8 months? When do when do we expect Wasabi 2 point o? It doesn't matter. Wasabi 2 point o is coming as soon as possible. With Wasabi 2 point o, I'm gonna try and do a a high level description. Tell me if I'm wrong. Users come in. They go and they they they basically exchange their Bitcoin for, like, a a momentary token that is managed by the coordinator blind blindly, and then they can apply that token to future transactions. Right?
Is that a good high level description of a Savvy 2 point o? What?
[01:59:27] Unknown:
So so this happens I I'm I'm sorry. There are just a lot of topics glossing over and but but but, it happens within a coin join. I'm I'm not sure that's what you meant. Not future transactions, but this happens within 1 coin join.
[01:59:48] Unknown:
Was so so so what I'm trying to ask is is how's what is the fee structure in Wasabi 2 point o? Is is it is it will the Wasabi is the Wasabi fee structure the same as Wasabi 1 point o, or is it is it is it is it a fixed fee? What what is is it changed at all?
[02:00:07] Unknown:
So it has to be changed because the system is completely different. Also, because of the fee incentive we did not succeed to to go too much into. And, also, because we would like to to create to to to enable sharing the revenue with other services who are building on top of the WhatsApp, daemon. And, unfortunately, I can't say how exactly these fees will be because I'm not 100% convinced that there is a anonymous way to share revenue. And if if so so that that that's very important in terms of how how the fees would be would be would be there. Right? So so it's not figured out at this point, but definitely has to change for multiple reasons.
[02:01:13] Unknown:
Okay. Do you can you give us, like, a high level, you know, high level kind of description of of the goal of Wasabi 2 point o? Like, how like, how it works. So high level kind of, explain it like we're a Bitcoin fanatic. You know, not I don't I don't have to be 5 years old. I just need to have, like, a high level kind of discussion here.
[02:01:36] Unknown:
Sure. So it's going to work like a normal Bitcoin wallet, except that when you are sending transactions, you are always sending mixed coins, except when you did not have the time to mix them. And it should it does not ask you to manually mix, but the the privacy things are happening all in the background. So so, basically, a normal Bitcoin wallet with with a couple of tweaks regarding the how we we were able to replace coin control, but not exactly the same way as other wallets are doing it. But, but, yeah, for example, the cluster selection or the the the change avoidance, but but, like, a normal Bitcoin wallet, it's privacy by default. Right?
[02:02:39] Unknown:
Yeah. I mean, so, like, my my, like, kind of understanding of it is, like, almost like you you you, like, you you get a share of whatever the round is, and then you can apply that share outside. You you can you can apply that share however you want. So you can come out with different you can come in with different amounts, and you can come out with different amounts than having, like, equal output coin joints. Is that correct?
[02:03:09] Unknown:
Alright. So so the amount organization is also something we did not fully fleshed out, but we fleshed out in a way that I'm comfortable with to a point that I'm comfortable with it even if it would be it would be rolled out as it is as far as we figured out, but others want to do some other stuff. Never mind. But how this works is that you come in with arbitrary input amounts, And you can come with multiple input inputs or only one input, doesn't matter, and and you can break them in any way, shape, or form except for privacy.
You don't break them in any way, shape, or form. But what we found is the most blockchain efficient solution that we we came up with is is that every user looks at every other user's inputs. And based on those inputs, they randomly generate a bunch of solutions with a bunch of, denomination systems, like powers of 2, powers of 3, preferred value series. But they are generating randomly a bunch of solution, and one of the solution will be submitted, to to have their outputs. And this resulted in pretty good anonymity sets, like, around it's variable. So so so sometimes it's 2, sometimes it's 20.
It depends. But we don't really have changes anymore, and we are able to mix all the all the inputs in in one go, and and there is no minimum denomination. So it's it's it's actually pretty cool, and we worked very hard on that for one and a half year. So so, yeah, it's like I think this is how far coin joins can can potentially go if you don't consider all these kind of crazy things like coin joins, coin swaps and coin joins, or lightning channel openings and coin joins because those obviously complexify many things. But as as far as on chain mixing, with a couple of outputs, No changes generated arbitrary inputs.
[02:05:58] Unknown:
That's that's what what some of the tool can do right now. What what do we have to what kind of and, Obenom, just feel free to jump in here. What what kind of what kind of, trust model is this? Like, do do we what do we what are we trusting the coordinator with? Is it is it almost like a little bit custodial while you're in that process where the the those the Wasabi core Wasabi 2 point o coordinator can can take money?
[02:06:24] Unknown:
No. No. You're you're not testing at all, the coordinator.
[02:06:30] Unknown:
We're just matching all the all the UTXs in the wallets and trying to find with an algorithm which would be the best kind of denominations to put in in the coin joints. Right?
[02:06:41] Unknown:
Yeah. Yeah. Exactly. Based on other users' inputs, you're guessing. So you don't know exactly how much anonymity you will get out, but chances are you will get out. You there will be other users guessing similar ways than you based on your inputs and other user inputs. So so yeah.
[02:07:01] Unknown:
Do you do you do you think that is there any trust required in the coordinator in Wasabi 1 point o?
[02:07:12] Unknown:
There are some some minima trust issues when we are adding, like, 2 inputs to to a mix from the same user, then then there is trust required. It obviously doesn't happen normally, but in edge cases, it it does.
[02:07:33] Unknown:
No. Not not really anything else I can I can come up with? Well, I would say the big one is exactly what I said earlier. Right? Is that and you have no Sybil resistance from the coordinator. Do we not agree on this?
[02:07:46] Unknown:
I I mean, yeah. Sure. We can we can go to the go deep with this because I I did some calculations. And if if if you would like, then I I can tell you exactly that what it is incentivizing at.
[02:08:04] Unknown:
Sure. Let's let's dive in.
[02:08:08] Unknown:
My my previous example was was okay. By the way, that 99 peers, it makes sense to add 1 coordinator peer. One peer, it it doesn't make sense to add 1 coordinator peer because coordinator piece more network fees.
[02:08:24] Unknown:
It it makes sense. Right. But in practice, that's not the case. Right? In practice, you'll have, like, 40 honest maybe. Maybe you'll have, like, 10 or 15 coming from, you know, a single entity, and then you also have so do what what about what about remixing? Do we think that that that users should remix? Should they do one round? Is one round alright?
[02:08:51] Unknown:
Is this connected to the previous conversations?
[02:08:55] Unknown:
No. Not real I mean, it's connected in that, I think, Wasabi anonymity sets are overstated. You overpay for them based on the anonymity set, and then they degrade rapidly. So I think that all users should remix. Do we are we all on on the same page on this? Or
[02:09:15] Unknown:
I'm I'm I'm not sure. I mean, depends on the users. Right?
[02:09:20] Unknown:
My I guess the issue that I'm coming from is that I feel like the default of 51 for the Anans set has always been way under state, like, it's just dangerous default, like, people should default to at least at least 2 mixes. At least at least at least a couple people should be remix and, like, at least some people in the the fucking round should be remixing, if not everybody. Right?
[02:09:48] Unknown:
Yeah. I mean, 25% is remixing. Right?
[02:09:52] Unknown:
But then why is the default 51 if that's just one round? And most most times, it's just a single round, 51.
[02:10:03] Unknown:
Oh, because it's expensive. Right?
[02:10:07] Unknown:
So we should have so does Wasabi 2.0 incentivize remixing? Does it make it so that a user doesn't have to pay more money to to have remixes?
[02:10:20] Unknown:
I mean, you're paying the network fees which are not insignificant.
[02:10:25] Unknown:
Right. That's unavoidable, but I'm talking about on the coin joint fee structure.
[02:10:37] Unknown:
Should we change okay. Are we not incentivizing remixing right now? I
[02:10:44] Unknown:
I don't think so because the default is 51, which is usually just a single round, and you have to pay significantly more to continue to to continue to remix. Right? You just said it yourself. You said it's more expensive to remix.
[02:11:02] Unknown:
If you put in let let's say let's let's keep it simple. 0.1 Bitcoin. And when you're remixing that 0.1 Bitcoin, then then you don't pay the whole coordinator fees. You only pay as much as you have, which is a few Satoshis left. In this case, you get the perfect mix.
[02:11:26] Unknown:
But then if that's the case, then why are we why why is the default in Wasabi 51 instead of, you know, a couple mixes? Like, at least 1 o so, like, we're we're if if I go back to what I said earlier, it's like when I'm trying to onboard people, and I'm talking about Wasabi, I'm, like, okay. So then after you install it, like, go into settings, switch it to at least 101 so that that you know you're guaranteed at least one remix. Do you agree that that's best practice?
[02:11:54] Unknown:
I mean, it depends on who. Right? I would not keep remixing
[02:12:00] Unknown:
forever. That's for sure. I'm not saying forever. I'm saying at least once.
[02:12:07] Unknown:
I I think I would be okay with the single mix, for example. But, you know, like, you're you're remixing, right, like, the the 50 unlimited set is not reached for all your coins. It's only reached for 0.1 Bitcoin, and the rest you are you are still remixing. And if you start with 0.8, then you will have a couple of anonymity set on 0 point on a 0.2 coin and on a 0 point 4 coin. Right? So when you are putting that into the mix because that does not reach the 50 anonymity set in the first round, then, you are remixing.
[02:12:52] Unknown:
But yeah. I do you think can I have a question? Do do do you, from my understanding, multiple mixes on the same output, not talking about the other bigger remaining output, is more efficient in terms of gaining anonymity than adding peers to one mix. So what I'm trying to say is that mixing twice with 50 peers is reaching more than once with a 100 peers.
[02:13:40] Unknown:
I agree with that. And, Upar, do you agree with that?
[02:13:45] Unknown:
So that's a that's a good question. I I I actually, I had some calculation. Let me see if I can remember that. So so so the question is basically similar to 1010 people coin join versus 100 people coin join. Right?
[02:14:13] Unknown:
That's Yeah. That that's a mathematical example. Exactly. Yes. Yes. I I don't I don't think it's simply additive. I mean, it's not completely exponential either, but it's somewhere in between. So Yeah. Multiple rounds are better than one big one, my in my opinion.
[02:14:31] Unknown:
Yeah. Yeah. So so so my my point is that you can mathematically tell which is better, which is you're calculating the the equal I'm I'm not sure. Right? But, well, I definitely had the calculations, a few half a month ago or something like that for that. Yeah. Sorry.
[02:14:55] Unknown:
And and you also presume then if you are remixing, then others too who you have been your peers. So, you know, the onset does kind of branch out like that as well.
[02:15:10] Unknown:
I I mean, you're presuming with the it it doesn't it it doesn't matter for for 10:10 people coinjoin versus 100 people coinjoin. Others are branching out from that anyway.
[02:15:31] Unknown:
I mean, it's it's not the case if everyone is just doing 1.
[02:15:37] Unknown:
Oh, yeah. But not everyone is doing 1. Right? That's 25% of the mixes are remixes. So 25% is not doing that. They are remixing. These are not remixes of the changes of the non mixed, coins. These are remixes of the mixed coins.
[02:16:02] Unknown:
Yeah. I mean, I I yeah. I I understand that, but, you know, they are paying for it, and they are not, you know, the system is not set up a way that which would make them to do this. I mean, they have the personal choices or they have, like, a higher target because they listen to Matt to put it to 101 or, you know, or they just feel more comfortable with more mixes. That's what it happens. It's it's not doesn't happen automatically. Right? If I for example, if I if I put my coins in in in join market, right, if I'm a taker, I'm having a low time preference and I do the mix days or or or running a tumbler with multiple multiple mix days in including transactions which are not creating state change.
And then either because I've I'm in rush, I need to spend somewhere or I leave my coins in there and continue as a maker and alternate these rules. And as a maker, I'm not paying anything, but still improving the anonymity set of my coins. Right? So how is that that is just so much better to me that I wouldn't even think of not using the chance of free remixing. And to be honest, this is the same with if you are entered and do pay pay the fees to enter. You will just leave it as long as your, you know, time allows or you are comfortable with having your funds in.
[02:17:30] Unknown:
So when you say it's not incentivized, do you mean the default is different or there is no financial incentive?
[02:17:41] Unknown:
There is a counter incentive incentive. Right? Because you need to pay for it to continue. So, you know, it's cheaper for you to not continue.
[02:17:51] Unknown:
It's cheaper than mixing non mixed coins. Do do you see how? I see that. Yeah.
[02:18:02] Unknown:
But that doesn't I mean, yeah. Yeah. That's that I understand that it's true, but also, I want to mix my non mixed coins more than the mixed ones. So, I mean, you know, that doesn't matter really. This is about if I want to increase the anonymity set or the, kind of darkness or, like, modeled around my coins more.
[02:18:29] Unknown:
And I do You you want to what do you want to incentivize? Mixing non mixed coins or mixing mixed coins?
[02:18:38] Unknown:
No. It's clear that mixing non mixed coins, it does cost a fee. But then you you see that's how the other implementations are set up in a way that you can continue mixing without paying. So you would do it.
[02:18:59] Unknown:
Okay. Yes. Yeah. I I I I I see that. Definitely. So you can continue mixing without paying while other people are paying for it. Right? Yeah. So I I think it's it's not a good idea to to not let to to not do the people to to not make the people pay the network fees for various reasons. On the other hand so if the suggestion is, should the coordinator somehow prefer or not ask anything from remixers, then I think that's a that's a good suggestion. Sure. If if that's what you guys mean.
[02:20:01] Unknown:
Yeah. That would be because that's that that is a benefit from both to it's it's beneficial to participate, to remix for both the ones who are remixing and and also the new entrants. Right? Because they have a higher anonymity set. So it would make sense to pay for it as a new entrant. And that payment can incentivize the people who are just there for the privacy. And now the question is if they take their coins out or stop the the wallet or, just hang hang around a bit longer to gain more privacy.
[02:20:44] Unknown:
Sure. But, you know, someone has to pay the network fees, and I don't think it should be I think whoever uses the block space should pay the network fees, which is the long term bottleneck.
[02:21:03] Unknown:
Right? I I think what Open Arms is trying to get to and is is is what I'm trying to get to is that do we not agree that these tools should encourage remixing based on their structure and their defaults?
[02:21:22] Unknown:
I'm not sure about it. I I think it's very expensive to remix. I think the people who would like to remix a lot have a very specific reason to do that. So what should be the default? This should be the default to to normal users. Right?
[02:21:49] Unknown:
If if I used, which I did, if I used Wasabi in 2019 and I used the default and I got a 51 in onset, Right? And it stopped automatically based on the default because I didn't change anything. I just trusted the default. Got my nice 51. I got my badge. Got the green check on it, and it just sit there. It just it's it's sat in my Wasabi Wallet. I haven't moved it. What do we think the Anand set is today? Significantly less than 51. Do we agree?
[02:22:20] Unknown:
No. Yes. No. Okay. So it is less because other people are doing things that makes your UTX more likely to coming from the source where you put it in from. Right?
[02:22:45] Unknown:
Yeah. Yeah. It's an elimination process. So as people are coming out as or a doxing, going to KVIC services, they do identify themselves. So so if there are 50 people and 49 have identified themselves, then, you know, you know who is the 5th thesis.
[02:23:02] Unknown:
Okay. So but on the other hand, and I think you guys talk about this a or you met talk about this a lot, Other people are remixing the coins. Those are exactly equal outputs to your coin. And those can go to many different places too. Right? And those can be remixed too, and those can go to many different places. Now I don't think this is a good argument there. But if you look at the the the academic terminology for anonymity set, then the anonymity set is would be huge, like 1,000 or I don't know how much, but huge because exact same coins that could be yours go to other places in the coin join.
Now this this is where where where we should bring in probabilities, right, that it's unlikely. But, if if you take the anonymity set from an academic point of view, then it can be a lot more because of future mixes.
[02:24:24] Unknown:
I mean, I I I agree that remixing helps. We just lost Open Arms. Hopefully, he'll join back in. I I agree that remixing helps. I just I just I wish it was incentivized, rather than discouraged, so that that that would be more likely to be the case rather than having to just hope hope that people do it. I I just wanna be absolutely clear here, that I appreciate all the work you put in to this very important topic as, as as the one of the I mean, it's a topic that I've dedicated a a significant portion of my life to. So I I do absolutely appreciate, all the work you and the rest of the Wasabi devs have done.
My goal ultimately is I just want these tools to be better. I I think they're they're not perfect. I don't think this should be a controversial thing, that they're not perfect.
[02:25:29] Unknown:
Yeah. That's definitely you know, like, when I when I wanted to go into the details of the coordinator, fee, economic incentives to part of participation. I I didn't try to trap you. Right? Like, it's a nuance topic, and and, you know, I I didn't think that much of it previously. But now that that that, this this debate was coming up, I actually sit down and did the calculations, and I got results. And and I I I don't know. I mean yeah. So I I wasn't trying to trap you there.
[02:26:20] Unknown:
Oh, we lost Open Arms again. He's back. I I so I Open Arms, you everything alright over there?
[02:26:30] Unknown:
No. I I needed to switch to mobile. That's my, ISP
[02:26:35] Unknown:
has got me off, it seems. There we go. They're trying to stop this very important conversation. Awesome. You know, pump pump pump would do something like a ridiculous tweet. Oh, they're trying to they're trying to censor Citadel Dispatch. Please like and subscribe. Yeah. I I I look, I look forward to Wasabi 2 point o. I I I hope that there's there's an incentive to remix there. I hope that users are encouraged to do it based on the the the implementation and the defaults. But, yeah, I I I don't know. I I don't I'm trying to keep this conversation as actionable possible, and I feel like maybe we've hit, like, kind of a wall here.
I do appreciate the insight. I I guess I don't know. Should we should we move on to to another topic, or what are you guys thinking here?
[02:27:43] Unknown:
So so I I think I just I just don't guide you through of my calculations, but maybe I I it's it's important that to say to just just to say my conclusions because is it is there a fee incentive for the Wasabi coordinator to participate? Yes. And it is definitely a problem. However, I don't think this leads to severe risk. And yeah. Never mind. And I think I could even prove that there is no such civil attack on on Wasabi. And, you know, maybe maybe maybe the most important thing is that why so if there is this fee incentive, why aren't we changing it? Maybe that's that's what you are more most curious about.
It's that, you know, how the fees are being, collected and paid out is the most most fundamental business agreement that we have with our users and, you know, unilaterally changing it without without very, very good reason, like like for Sabi 2.2. I I think it's it it would not be a good idea because, like, that's what that's that's our most fundamental agreement with our users. And, and that's opens up a lot of problems. You know?
[02:29:19] Unknown:
Has the Wasabi team ever participated in their own Wasabi rounds?
[02:29:25] Unknown:
We are mixing every every well, Evan, we are we are mixing the incomes. Yes.
[02:29:32] Unknown:
So you're you're mixing the fee revenue?
[02:29:36] Unknown:
Yes. Yes.
[02:29:40] Unknown:
And that increases the user's fees every time you do that. Right?
[02:29:47] Unknown:
Well, not significantly. Right? $0.16 per peer, and we are able to participate in, I don't know, 5% of the mixes. We we are not. This is you know, we are a participant in the mix. It's it's not a coordinator civil attack, one jumping in with a single user for 5% of the mixes. Right? Do do you do you do you agree with that, or or do you think we should not use the
[02:30:30] Unknown:
the Wasabi service at all? I'm just trying to make a point, specifically. But, I mean, I I don't think the word Sybil implies a motive. Like, I don't think, I I think you could be a good actor and still be sibling. Do we agree on that? Like, a civil attack a a a a civil is a very is a is a very objective term. Right? It's just, you're participating in in something, and you're reducing the an onset because you know your own participation. Right?
[02:31:01] Unknown:
It implies that it's an auto co nonlinearity set in in in the context of coin joins. Right? It implies that it's an attack on privacy. Sorry. Not anonymity set. I don't know why I said that. It's not a concurrency. That that would be severe.
[02:31:19] Unknown:
But you could be you could be a good actor and you could be inadvertently sibling. Do we not like, like, is this not a thing? Like, if if if I'm running 5 clients, but I have no intention of deanonymizing people, I'm still, like, 5 concurrent clients, and I'm joining a a a round under the auspices that is 5 separate people, but it's really just me. That's a civil regardless of the fact that I'm trying to deanonymize people. Right?
[02:31:49] Unknown:
You could say that it's a civil, but the the consequences are not that anyone's privacy would meaningfully be hurt by that. So so if you want to do a real civil attack, right, that's 10,000 fresh Bitcoin monthly. You would have to have that much money for Ria Sibilata. Assuming Ria Sibilata already happening, then you are you have you are bringing in 9,000 Fresh Bitcoins monthly, assuming that it's already happening and de anonymizing users, unless you are remixing all the time. Right? Because if you're remixing all the time, then you don't have to bring 10,000 Fresh Bitcoins monthly. It's okay to look at them the daily volume, which is which is 300 Bitcoins. So from 300 Bitcoin, you can civil Wasabi if you are the kind of the only one who is so but the problem there is that then you should see very high remixed numbers, like 95% or something crazy like that, but you do not.
So the the thing here is that the civil attack is actually noticeable
[02:33:24] Unknown:
unless the user quoting you keep quoting this 25% number. That 25% remix number is what a a a civil attack would look like. Right?
[02:33:35] Unknown:
So if if less people are remixing, then, sorry, if the the remix number is not very close to a 100%, then you must match the the fresh Bitcoins coming to the mix in order to make it look like, you know, no one is no one is is is is doing anything. So unless unless someone has, well, 10,000 Bitcoin new Bitcoins monthly, so that's a 100,000 yearly, then there is no remix except if the remix numbers are sorry. Then there is no c b l, except if the remix numbers are high. Because in that case, the daily volume would be enough because the confirmation target is about a day. So that's you can't use the coins.
[02:34:35] Unknown:
The main reason the main reason the coin join fee exists, not the network fee, the coin joint fee exists, is for Sybil resistance. Correct?
[02:34:46] Unknown:
No. No. No. No. That that's that's for business purposes. Right? The CB resistance is, hopefully coming from the network fees and the the initial requirements.
[02:34:58] Unknown:
So you think a coordinated coin joint implementation that has no coin joint fee, period, is sybil resistant?
[02:35:07] Unknown:
I think the doing civils on on coin joints without coordinator fees are still very expensive.
[02:35:23] Unknown:
I mean, I think it will be in the future, but they they haven't really been historically. But I I I I think I think I think developers of CoinJoin implementations should try and make it so a a bad actor has to pay a a bad actor who's attempting to sybil has to pay more money than a good actor, an honest actor that is just attempting to gain privacy. Do we agree on this?
[02:35:53] Unknown:
How do you know who is bad actor and who is honest actor?
[02:35:57] Unknown:
I I think you can set up an implementation so that if if, if you're attempting to sybil, it costs you more money. If if let let's say, hypothetically, it was possible. Would you agree that that is a better situation to be in?
[02:36:17] Unknown:
So, I'm I'm sorry, but the point of Sibyl Attack is that make yourself look alike than other honest peers. So that's that's like there is a cognitive dissonance there. Right? Because if you can differentiate between civil and non civil, then then then then you know that there is a single attack.
[02:36:41] Unknown:
You know what I mean? Or am I Well, what what if you what if you made it what if you made it so if a user who joined a coin join round, with multiple UTXOs, that were randomly selected to join fall a subsequent route paid a smaller fee than someone who joined with concurrent implement you know, instances. They're running a bunch of instances at the same time, and and they're they're practicing Sybil type behavior rather than a user who's who's, you know, adding their a a majority of their UTXOs at the same time. Is that a better situation to be in?
[02:37:22] Unknown:
So sorry. Let me repeat that. So a user who so so you could look at the what kind of UTXOs are coming in in in the mixes and you know that a user who is joining with multiple UTXOs.
[02:37:43] Unknown:
Yeah. I'm sorry. I'm I'm lost. So a civil attack a civil attack is when an attacker comes in and tries to be the majority of the participants. Right? And then tries to use tries to use, process of elimination to hurt the hurt the privacy of the other participants. Right? So if, let's say, at an extreme level, a Sybil attacker comes in and they're 95 of the 100 inputs, they can use that private knowledge that they're the 95 inputs to try and ruin the privacy of the remaining 5. It would be hooved to me, it makes sense that someone that that if you're working on trying to create a a coin joint tool, you should try and make that that scenario more expensive than a scenario where the average user is coming in and they just want privacy and they just wanna be one input.
Right? Like like, that should be the way these systems are set up. It's the number one attack that's used. Right?
[02:38:46] Unknown:
Okay. So if I have a 100 Bitcoin, then what prevents me from breaking it down to to small amounts?
[02:38:59] Unknown:
That's the point though. My point is is in Wasabi, nothing. With with Wasabi, if I'm running if I'm running a 100 instances that are mixing with each other, I pay the same fee as if I'm running one instance and just running my coins through it. It's the same exact fee except for network fees, which I do agree add extra Sybil resistance when fees go up, but fees have barely gone up.
[02:39:30] Unknown:
Well, you are paying coordinator fees after yourself too, like, after your peers. So but but yeah. Yeah. Sorry. Yeah. But Stowe is the honest user. The same. Yeah.
[02:39:42] Unknown:
Open arms. What's up over there?
[02:39:47] Unknown:
Yeah. I I I don't feel that comfortable paying by participants in in this setup, but, you know, I don't know if we can solve the, you know yeah. You cannot guarantee the new entrants. Right? I mean that that is that is the the question because as 6102 have, pointed it out, if we let people remix free then and that's what Nupa is saying as well, then the possible simple attack will become much more cheap. Right? So unless you would have a guarantee in every round that the new participants need to be a set percentage, and then the remix participants are chosen randomly.
But, you know, that's would be pretty much applying another implementation to a service. So that's not the solution, I guess.
[02:40:52] Unknown:
So what you may be able to do is to to the if the coordinator has the whole blockchain and can work on that properly, then you should be able to make sure that the thing the inputs that you accept into the coin joints are as disjointed on chain as possible. But, yeah, I mean, you do some some centralized mixing, and that will break it. I I maybe not. I I I I don't I I don't know. Maybe I'm just going off tangent here. But but but, I mean, it it doesn't really matter that much because sibling is expensive even in in non even in in scenarios when when no one is trying to to prevent them, the volume is the main obstacle there that you have to match the the honest users' bitcoins with yours, and that's how you can can get the, you know, the anonymize them. If you can't match the honest users' Bitcoins, then I don't know. It's it's got messy.
[02:42:24] Unknown:
I mean, except for the coordinator.
[02:42:28] Unknown:
Well, the coordinator has to match the honest users because coordinator is getting paid for money. But but it has to have that much money to to match the okay. Assume assume the coordinator is bringing in $10,000 sorry. 10,000 Bitcoin monthly, then then does it really make sense to to mess around with with a with a few dollars of fees and the like like, executing this attack if the coordinator has 100 of thousands of times more money already, then why would he want to do this attack? Right?
[02:43:21] Unknown:
I look, I I I just I just once again, I just want to reset a little bit and just, you know, I I appreciate you coming on the show. I look I I look at this as more than just a podcast. Like, I think this is, like, kind of we're all trying to just learn together. You know, I almost think of it as, like, a global classroom. So I I appreciate you coming on, just talking through all this shit with us. I appreciate Open Arms coming on, obviously, as well. I I think it's an important discussion that should just continue to be had. Like, I I want these discussions to be had publicly. But I do kind of feel, there's a disconnect. I I don't know. We're, like, miss like like, we we were just not, like, there's no breakthrough here.
It's just frustrating. I I I just I just wanted to be absolutely clear that I think every person I I I think the 3 of us are acting in good faith. Like, I don't think that we're acting in bad faith here, but there's a massive disconnect.
[02:44:36] Unknown:
May I share with you my calculations
[02:44:39] Unknown:
finally? Do it. Share the calculations.
[02:44:43] Unknown:
You know why I was bringing in that only one coordinator peer and examining the 99 and versus the the one honest user case is that the the idea here is that somewhere in the middle, it starts to make sense for the coordinator to jump in with another peer. And that's somewhere in the middle. It's actually 13 peer, with with the average network fee of $2 of participant and the coordinator fee getting per participant, 0.16. So that's at certain peer, it starts to make sense to to come in with one other peer. And, you know, like you guys pointed out that, that one other peer is is still still not a not a real life example. Like, what happens if the coordinator is coming with multiple peers?
And then we can we can look at this equation in in a way that if we have x honest users and 100 minus x coordinator users, coordinator peers, then this becomes a maximization problem because you can you can run this maximization where the coordinator gets the most money, and that actually at if x equals 56 honest users and 44 coordinator peers. And that's where the coordinator can get the the most money out of the system based on this this incentive. But,
[02:46:37] Unknown:
So the incentive is broken?
[02:46:39] Unknown:
And and this is already on a high chain fee. Right? So if the chain fee is lower, then it's cheaper to SIBO.
[02:46:47] Unknown:
Exactly. This is with the last month of reaches.
[02:46:51] Unknown:
Right. So previously, it was all one separate bite.
[02:46:57] Unknown:
Yeah. Yeah. Yeah.
[02:47:03] Unknown:
Okay. Well, I mean, that sounds to me like we agree. Do we did did I was not doing the comma, dear. This is I look. Guys, I really appreciate both both of you, coming on the show. I kinda we've been going for almost 3 hours now, which is usually where I try and cut these things. It's been good. This has been a good discussion. This might be the best Citadel dispatch, we've had so far, And it's going out to all the citadels, which is great. This very important topic. Open Arms, before we close, I just look, you've been super dedicated to join market. I feel like you should give the freaks you should give the freaks your pitch. Like, why should people use join inbox, use Raspberry Blitz maybe with join inbox, or just join inbox by itself, or just join market? Like, why should people use that instead of of these other options?
[02:48:12] Unknown:
So, I mean, the implementation is just joining box is just a wrap around join markets. So it's basically we are speaking about using the same thing, one being easier having this type of interface where you can use it on the desktop with your with the graphical interface. It's certainly better to use it on a dedicated box if you want to use as a maker, which is the biggest kind of feature of joint market as I feel. Being incentivized to provide liquidity and, you know, mix your coins freely. I think if you have if you're not in a rush, you can if you just, if you're comfortable holding in a hot wallet, I think it's joint market is a very good place to park the coins basically while they are getting mixed and you are generating some minimal income as well.
[02:49:13] Unknown:
The income is bullshit, though. Right?
[02:49:15] Unknown:
Well, it's yeah. Put the rate. Point 1 to 1 percent of the deposited money, which is I mean, you know, it's it's it depends what what your expectations are. Right? It doesn't match with BlockFi. Right? Only after how much? 2.5 Bitcoin? BlockFi. No one should use BlockFi.
[02:49:33] Unknown:
There you go. I as far as I'm concerned, the base yield of Bitcoin the base yield of the world now is just holding Bitcoin. It's an asset that's designed to pump forever. This is there's risk free rate concept that the traditional finance people want to show you, is bullshit. The risk free rate of the world now is holding Bitcoin. Just say humble in StackSets. So so no power. First of all, open arms. That was a great, I appreciate that. I I just wanna say, like, I really like, join inbox is the best way to use join market, whether you use that on Raspberry Pi Bullets or you use as a separate image. I appreciate all the work you're doing on that front. I think it's it's very important work, and I I really do appreciate it. And I appreciate you coming on the second time, and I expect you to come on dispatch many more times in the future.
The this show is also a 61 02 Bitcoin show. He's a cohost, and Nopara, he would be very upset with me, if we didn't talk about systemic systemic address reuse. This idea that there is participants in wasabi mixes, that keep reusing the same address. So they're counted in the Anonset, calculation. The fees are paid out based on them being a an additional privacy benefit. But, clearly, if they're just reusing the same addresses over and over again, they're not a privacy benefit. Do you agree that a coordinator should just stop that from happening? Like, why why would a coordinator allow that address reuse over and over again? Like, the coordinator can see it happening. They should just Wasabi already bans.
Wasabi always already has a blacklist if you're attempted to if you're doing bad things, like I or or thought to be doing bad things. I've been blacklisted on the Wasabi coordinator because of tour issues in the past. So why why isn't the systemic symmetric address reuse, being blocked, and should it be blocked going forward?
[02:51:37] Unknown:
There is no way to tell if it's a donation or or or a real transaction. Right? I mean, on the principal level, on the implementation level, sure, we could do that. However, the problem is that that would sweep the problem under the rug because that address reuse happened already. It just against the coordinator. Only the coordinator knows, but we consider what the coordinator knows public knowledge, so we don't want to get in a situation where the coordinator knows more things. At least that's what we are trying to minimize, and this would be a step in the wrong direction.
[02:52:23] Unknown:
But but but the coordinator can tell that the address is being reused. Right? The coordinator can tell that it goes from one address that's that's been reused to another address that's been reused. Like, why? That gets pretty obvious. Right? Like, it's on chain. The input side and the output side have the same address. Like, shouldn't a coordinator's block that? Like, why is that a thing?
[02:52:46] Unknown:
Oh, okay. Sorry. I I just wasn't clear. The reason why the coordinator should not block the address reuse one reason is that, you know, on Bitcoin Core, you can't even detect that. But but, anyway, you can if you are looking inside transactions. But, anyway, never mind. That's just doesn't matter. So so so the point is that you should the address reuse already happened at that point.
[02:53:21] Unknown:
Right? No. But but literally the output the output of the mix has the same address as an input of the mix. The coordinator knows both sides. They're the coordinator. They coordinated the transaction.
[02:53:35] Unknown:
Yes. But the address reuse happens. So if the coordinator refuses that that, the coordinator should let it be public and not try to hide this happening. Does that make sense?
[02:53:50] Unknown:
I mean, I guess my point is, like, I respect the idea of join market where we have, no coordinator and it's just straight p to p. But if we're able to get away with using a coordinator, a centralized coordinator and regulators are fine with it, that coordinator should enforce sane defaults. Like, that's the advantage of having a centralized coordinator. So why is the coordinator not enforcing a fake and onset? What I like like that there's clear the on chain is clearly a fake. It's it's it's it's not helping anybody in the mix if if the person used the same the same address on the input side as the output side. So what do you mean by take on offset? It's it's a person it's a person or entity, apparently, that is using a modified client that has the same input address as the output address in a mix. It's the same it's it's I come in from one address, and I come back out of the mix on the same address, but it's calculated in the an onset calculation, obviously, that doesn't help anybody's privacy.
[02:55:04] Unknown:
I mean, it's not like you would rely on only one other person in the PR, but in the in the mixes, but the anonymity sets are are showing much larger numbers. And these are not significant amounts of of of that happening. Right? Like, who I I have no idea how the hell this this can happen. Right? Like, there there was a quote there was an address that has been reused over 300 times, and many address. Not many addresses. I I don't actually know. But there was definitely one that has been reused 300 times input output side. And, you know, like, whoever does this for whatever reason is not our concern.
We don't want to know we we don't want to know. Right? Like, we just want to know as little things about our users, whatever crazy way they are using the system until until the the the main properties of the main privacy and Germans are are enact, and it don't ruin the privacy, like, in a significant systemic way. Right?
[02:56:25] Unknown:
But but theoretically theoretically, just, like, do we do we agree that, like, a the coordinator should should just not allow reused addresses in a mix?
[02:56:43] Unknown:
On a principal level, no. Because it could be a donation. It could be even mixing a donation address,
[02:56:55] Unknown:
and and someone else is paying that exact donation address and But I'm not even saying the output is reused. I'm saying the input and the output are the same in a mix. The and the one of the input addresses is the same as an output address in a mix. We that should not be blocked.
[02:57:12] Unknown:
So, yes, that's what I'm saying that I am mixing a donation address from a donation address, and the same person is sending and some other person is sending the money to the donation address to the same donation address. Right? So in principle, it should not be prevented because it's about because there are valid use cases like that.
[02:57:37] Unknown:
What's the use case?
[02:57:40] Unknown:
Oh, someone is donating.
[02:57:43] Unknown:
No. No. That's not what I'm saying. I'm not saying the donation. I'm not saying the output address is
[02:57:50] Unknown:
I mean, if you could
[02:57:51] Unknown:
give me a There's 2 participants. 1 participant is the donation receiver, and 1 participant is the donation giver, and they just happen to coincidentally be in every mix together.
[02:58:02] Unknown:
You you can't do that.
[02:58:05] Unknown:
You agree with me, open arms. Right? Like, the coordination is just blocked that shit.
[02:58:09] Unknown:
Of course. Currently you cannot pay inside a coin join in Wasabi. So how could that be the case?
[02:58:16] Unknown:
I I'm I'm sorry. You you guys brought it up as a in in principle. Right? Like, in principle, should this happen?
[02:58:24] Unknown:
Well, I'm trying to be friendly about it, you know, but it's it's it's it's happening in wasabi mixes currently. Like, I just don't understand why people are being charged for those for that perceived and onset when it's just a reused address over and over again.
[02:58:40] Unknown:
So, I mean, this is
[02:58:43] Unknown:
We must 100% assume that the one who is controlling the address, so sending into the coin join is the same who is paying to it. Because there is no other way and software is there.
[02:58:59] Unknown:
So okay. Assume we are refusing address reuses centrally on the coordinator, then that means the coordinator knows more than anyone else observing the chain. And that means the coordinator has this extra knowledge that might be asked from us by law enforcement agencies. So if we try to prevent this kind of stuff in the coordinator level, then we may have some legal liabilities. That does that does that make sense in principle?
[02:59:48] Unknown:
I mean, but the coordinator already knows this shit. Like, the coordinator knows the input and output addresses regardless already.
[03:00:00] Unknown:
It doesn't.
[03:00:03] Unknown:
K. You're constructed. The coordinator coordinates the transaction.
[03:00:09] Unknown:
Yeah. But it's it's an untrusted way. Okay. So I I I don't know what you mean because They don't know the addresses they don't know the address from
[03:00:19] Unknown:
address you user 1 goes to the second whatever address he goes to, but they know the set of addresses on one side, and they know the set of addresses on the other side because they coordinate the transaction. Right?
[03:00:38] Unknown:
Okay. But if you reuse the address on the input side, then then the coordinator is going to know the link because the coordinator sees it. And if the coordinator doesn't let it go on chain, then it's only going to be the coordinator who knows it. Right?
[03:00:56] Unknown:
No, Paro. Why does does does does Wasabi already have a blacklist system in place for people they feel are abusing, the coinjoin rounds?
[03:01:09] Unknown:
So that is for denial of service attack protection. Those who drop out of the mix, those inputs are noted and and have some stricter requirements when they can come back.
[03:01:24] Unknown:
Right. That's happened to me because of tour failures. So that already happens. The coordinator is already deciding that a a denial of service attack is potentially happening. So if the coordinator decides that that it is clearly a reused address, they could block that too very easily. Right?
[03:01:46] Unknown:
It is possible. Yes.
[03:01:49] Unknown:
Okay. Open Arms, do you have anything else over there?
[03:02:00] Unknown:
You know, I think we've we've the point is made that, you know, I don't want to pay for useless panels useless participants. Right? And it's wrong to it's it's it's wrong to allow that to happen. You're being charged useful for them. Significant money for it too.
[03:02:23] Unknown:
$0.16.
[03:02:26] Unknown:
Look. Bitcoin's designed to pump forever. I don't even want to calculate. If if you want me to if you want me to get on our HR on Thursday and calculate how many fees I paid it to you in US dollar terms, Like, I can do that. That's a large amount of fees I paid you.
[03:02:41] Unknown:
I mean, I mean, that's bullshit. Negligible amount. That's bullshit. Sorry. The sorry. The calculation relevant here is how many fees you paid after users who reused addresses. Right? And that's negligible.
[03:02:59] Unknown:
It can be blocked very easily. I just wish it was blocked. That's all. I'm just I I I it's just frustrate this is just frustrating.
[03:03:10] Unknown:
So sorry. But but okay. But do you do you do you understand the concept of the coordinator should minimize,
[03:03:18] Unknown:
the knowledge that it has about its users that the public does not have? The the whole point of using a centralized coordinator over join market, a proper p to p system, is that the coordinator has these these these this ability to enforce defaults on the mix. That is the advantage. It's convenience plus the the ability to enforce these defaults. That that is the reason why a centralized coordinator has advantages over, a a p to p system like join market. So if if a centralized coordinator is not gonna enforce that shit for me, then I'm just going to use a p to p version.
Like, that is where I stand, and and and and and that is where we stand.
[03:04:07] Unknown:
I I think the point of using a centralized coordinator, it's that's a point. Yeah. I I I agree. The centralized coordinator can do more things than a complete peer to peer network. Right? Definitely. But the other point is that the central coordinator must be untrusted.
[03:04:31] Unknown:
Right? Like, it should minimize the information it should have because But it is trusted. We agree that it's trusted. Right? Like, a centralized coordinator doesn't provide civil resistance against itself.
[03:04:44] Unknown:
No. No. Not at all. It's not trustless.
[03:04:47] Unknown:
It's not it's not a trustless system. There's trust involved. The trust is minimized, but there's trust involved.
[03:04:54] Unknown:
Okay. Yes. Yes. That's that's a good point. I mean so we should try for minimizing the trust even further. I think that's a good goal here.
[03:05:11] Unknown:
Yeah. I agree. I agree. That's that's my goal. That's all I want. All I want is just I just want better defaults, better implementations. I want this thing's shit to be easy. I just want people to just just want to tell people to care about it and to use it and give them a very clear path to improving themselves. That is the goal. That is what I want. I think that's what Open Arms wants. I think that's what No Power wants. I think that's what most of the freaks want. Just a very straightforward path to try and improve their their situation.
[03:05:45] Unknown:
You you know, I can agree. I'm sorry. I can understand in in any significant way the past one and a half year. But, you know, we sit down and we started researching at how we can do this much better. And we want to do, not incremental improvements, but, like, paradigm shift, like a like a like a huge one all at once. And, you know, I'm the most frustrated that that we don't work on the coin joints, to be honest, to the core on the core and current coin joints. It's it's frustrating to me too, but, you know, like, it's it's coming,
[03:06:38] Unknown:
and and and you'll be the judge of that. Right? Yeah. I mean, just to be clear, like, I will be one of the when when you release a beta release of Wasabi Wallet 2 point o, I will be one of the first people to use it. We will be one of the first podcasts to talk about it. We will talk about it relentlessly, good and bad. So so you I I can promise you that, and I I hope other big corners follow suit in that regard. I think Open Arms will also cosign that message.
[03:07:09] Unknown:
Of course.
[03:07:11] Unknown:
I just want to we're about 3 hours and 10 minutes in. This is a fantastic discussion. I appreciate both of you guys. I appreciate all the freaks who came in at for your time to, be live with us on this Bitcoin Tuesday. Right now is, basically, we're, 45 minutes from when we usually start. I'm curious what the freaks think about this time change, difference. Should I do this going forward? Should I go back to the previous time? My my goal is to go back to the previous time. We are on Sphinx chat. We have over a 100 freaks now on the Citadel Dispatch specific tribe.
So so if if you wanna figure out how to do that, I can provide you an invite if you reach out to me privately if you can't figure it out. But you can run it on your own node if you use Umbrel or raspiblitz. So consider joining there. That's tribes dot sphinx dot chat. We have 2 tribes. We have one for our tails from the crypt and one for Citadel dispatch. So consider doing that. I appreciate both of you guys. Thank you for joining. Open Arms, I expect you to come back on many times in the future. No power, also, same thing. Like, this is the whole point of this this, this project. I mean, as far as I'm concerned, I want civil dispatch to be modeled after free open source projects.
There's gonna be no ads, no sponsors, free for everyone to use. I I might break copyright sometimes, but, actually, the music video that's gonna come at the end of this show is the first one that I've actually gotten approval ahead of time for. But I I just love all you freaks. You have any last comments? We'll start with Noparo.
[03:08:59] Unknown:
You know, I'm I really appreciate of being here because, I don't know how you are with it, but I find Twitter to be not the right platform to flesh out complex topics. And so I just default back to try to not get involved with any kind of drama. And and, you know, in fact, just a couple of points on the drama that I think I think I think it would be a pity to to lose new people from starting working on Bitcoin privacy because of what they are seeing, happening around them. And, you know, I just I I I just hope it wouldn't be like that, and and and more people would be more encouraged than you know, like, we could flesh out a bunch of concepts, like Tumblr, Bitcoin swaps, or all kinds of crazy things that we like like, only in the research, phase.
So so I I hope more people will work on Bitcoin privacy because, you know, like, it's really, really, really needed.
[03:10:18] Unknown:
So let's just leave it with that. In the in the spirit of that, can we can we agree can can we get you on the record saying that you don't think, the samurai guys are spooks?
[03:10:38] Unknown:
So I I I think it's I don't really want to get him involved. I I I hope I can I I I just would like to keep my distance and, you know, I I I just I don't want any more resentment in the space? Just
[03:11:02] Unknown:
Look. I respect that. I respect that, but I I'm probably one of the few people in this space that will unequivocally say on air, live, every fucking week that I don't think you're a spook, and I don't think the fucking samurai guys are spooks. And I do not appreciate the the fucking personal attacks on both sides, and and the samurai guys are 100% guilty of that shit all the fucking time. But, but it they're not it's not just them, and and I will unequivocally say that over and over again, for the freaks listening.
[03:11:37] Unknown:
Alright. Well, thank you, Matt.
[03:11:40] Unknown:
Open arms. Final thoughts.
[03:11:44] Unknown:
Yeah. I just like to say that, if you have any ideas of helping you guys diving in more into using Bitcoin in a more advanced way, I mean, joint market is a great tool for that. You don't have to use it, but it's great to try. You can try it on Signet. Free. Just play around. There are videos, documentation. Let me know if you can improve that or how we can do that. And, yeah, keep conjoining, you know, regardless.
[03:12:17] Unknown:
I love you both. I appreciate all the work you guys have done. Thank you for coming on the show. Shout out to all the freaks who have joined us for this one. Whether you were live or after the fact, you're the reason that I do this. I think you're the reason that we all do this. Bitcoin is designed to pump forever, and we will show the world, how it's fucking done. Thank you, guys.
[03:12:44] Unknown:
Thank you.
[03:12:46] Unknown:
Thank you, guys.
[03:12:49] Unknown:
Anything that ain't Bitcoin is a shitcoin. Spent the whole stingy on Bitcoin. Quick flips. High school misfit, but now I'm a big fish. Big dog big rip. Ice taking field trips. I fit my own new life, you call Biden dropped the stimmy. I hit a little shimmy. Hopped on the app to buy stats and got plenty. A couple months later, my girl was rocking Venti with this crypto knowledge putting checks on my tennies. Stacking sats till I got 10 b's. I remember when it only cost 10 g's. Bitcoin to die. Every year a new high. No lie. So I
[03:15:06] Unknown:
Appreciate appreciate you freaks. Shout out to, King Spencino on that fucking rip. That's the first Siddle Dispatch, end song that was actually requested and fucking followed through with no copyright infringement. So cheers to him. I wanna see more Bitcoin only fucking content, including fucking rap songs. I love all you all. See you for our HR on Thursday. Cheers. Stay humble, StackSats.
And and I'll tell you why. Okay? I I I will give him the first statement that it's highly volatile. And at this point, it's tough as a to use for transactions. But then he says it's not really a store of value and then says it's essentially a substitute for gold. So the the 4000, 5000 year store of value that we know historically is gold. And he just said it's like gold, but it's not a store value. So does he not think gold is a store of value? And with what the Fed's doing right now is a dollar, is he really making the case that that's a store of value?
[00:00:40] Unknown:
Well, hey, Joe. You you're thinking about it exactly the right way. I mean, there's a lot to unpack there. So so, you know, first of all, it was a store of value. I would just say there's a reason people have flocked Bitcoin in the last year, right, which is something else happened in the last year. And that is that we increase the money supply by 40%. So when you do that in a world of supply and demand, it means that the dollar is at least a 40% less good store of value than it was a year ago, and and that is one of the reasons people look to Bitcoin. But, Joe, the point I really wanna make is the dollar may not actually be backed by anything. Obviously, we went off the gold standard in the Nixon administration, But cryptocurrencies actually are backed by something.
They're backed by underlying networks. And what you're buying when you buy a crypto token, whether it's Bitcoin or anything else, is you're buying a piece of a financial network that's being built to transact all kinds of stuff. And the number of things that have gone on chain in the last 2 years is enormously high. That's why the cryptocurrency market today is almost a $2,000,000,000,000 market. I believe in the wisdom of crowds, personally, and I think that there's kind of, like, forces of the future at work here and then forces of the status quo. I think the crowds are telling you that these networks are where finance is going in the future. I wanna be part of that.
[00:02:32] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt O'Dell, here for another episode of Citadel dispatch. This is Citadel Dispatch 15, the interactive live show about Bitcoin distributed systems, open source software, and privacy. I'm joined by a return guest and good friend, Open Arms, well known for his work towards making join market, more user friendly with his join inbox project, and No Para, who is the founder of Wasabi Wallet, one of the easiest to use CoinJoin implementations available. We look forward to discussing a very important topic today, in that Bitcoin privacy and using Bitcoin privately, why it's important, the current tools at our disposal, future tools at our disposal, and tangential discussions with that.
I am aware that we usually come to you at 21 100 UTC. It is earlier today because of time zones and because this discussion is an important one, and we want to make it happen. So thank you to all the freaks who were able to make it, at this earlier time. If you're joining us through the audio feed, the Citadel dispatch can be viewed live on Twitch, Twitter, YouTube. Then after the fact, it goes to our podcast feeds, both the Ciel dispatch dedicated feed and the tales from the crib feed. So you might be listening to us there. Also, full archives without ads are posted, on citadel dispatch.com, both video and audio, hosted on Keybase and on Telegram.
So with all that said, if you're joining us via audio, that clip out in the beginning, was Brian Brooks, who is, like, the former lead lawyer for Coinbase, and he was also the former controller of the currency talking to our boy Joe Kernan on CNBC, candidly about, Powell's our current Fed chair's statements regarding Bitcoin and and whether or not it's a store of value or, or or a money, and it's just I don't know. It's kinda funny that it's just it's just hit the mainstream news in that way, and and they just talk about it so candidly. They talk about 40% money supply printing, which used to be, like, things that people would talk about in, like, dark dark corners of the Internet, and now it's just on CNBC.
Anyway, with all that said, I wanna thank the Freak's again for joining us live, and I wanna thank both Nopar and Open Arms for joining us for the discussion. I'd like to, you know I I figured we should start, with the discussion with why the Bitcoin privacy discussion is so important to Bitcoiners and why it should be important to Bitcoiners and why Freak should care about it. And with that said, let's start with you, Noepara. What do you think here? How's it going?
[00:05:29] Unknown:
Hey, guys. I'm happy to be part of this potentially historic conversation. So I would like to talk a bit about Bitcoin privacy and and and and its importance. And I thought maybe the best way to to communicate it is that I just present my my thesis on it that, basically operating based on that maybe during the last one past year. And and it all starts with the properties of good money, which I assume many people have heard about before. The divisibility, portability, fungibility, and so on, where Bitcoin brings scarcity to the table so no one can print more.
And and the only remaining problems left in Bitcoin is acceptability, portability, and fungibility. Acceptability is an easy one because it's it's taking care of itself. If we improve the other properties of money, then then acceptability is going to take care of itself. Portability is something that Bitcoin is or or any other cryptocurrency, to my knowledge, lacks a lot, and that's a very important topic to work on. However, there is a there is an army of open source developer working on portability. And that leaves us with with fungibility, which is, I suppose, for the sake of this conversation, we can say fungibility, privacy, and anonymity are the same things in in this in this context, but we might elaborate on that later.
And, you know, fungibility is not something that many people dare to to work on, especially on the implementation side because because there are large forces and interests trying to to control the citizens of every word, and one of the tools of control is must surveillance. And so it would not be a good idea to to let a private, anonymous, fungible currency had to be released to the world, but, you know, this is going to happen. It may happen with Bitcoin. It may happen with Monero. It may may happen with other alternative cryptocurrencies. But my guess is and I suppose everyone else's guess here is the same that Bitcoin is going to take over the world because people don't care that much about fungibility.
You know, fungibility, privacy is something that matters until until it stop mattering. And and so so if Bitcoin takes over the world, then 40 years from now, we will tell a very different story to our grandchildren. The if we we have Bitcoin privacy ready, then then without, without privacy in Bitcoin. So I I believe that's that's why fungibility may be the most important thing to to work on right now at this moment.
[00:09:36] Unknown:
I mean, I think you make some very good points there. I think what a lot of people, don't appreciate in the Bitcoin circles is that this is larger than just Bitcoin. We're seeing, transgressions made by large governments and corporations around the world on people's privacy, regardless if they're a Bitcoiner. Bitcoin is a subset within that. If we expect it to be the money that that the world will run on, the the the future money of the world, then obviously, it's gonna become a bigger and bigger aspect of the private equation. And it's important that especially with something like Bitcoin where you have this open ledger that's we expect to exist forever, if if if we don't work on this soon, mistakes that are made today could come back to haunt people in the future. Those things are never you know, the the ledger will never change.
So so if you make a mistake today, in 5 years, 10 years, it can come back to haunt you. Open Arms, you've dedicated a large portion of your time. I know you don't do this full time, and I have tons and tons of respect for the work you've done, towards trying to make Bitcoin more private in your work with joining Box. Where do you what is your perspective here? Why show the show the freaks why they should care about, using Bitcoin more privately and improving Bitcoin privacy guarantees, at least on the app level.
[00:10:58] Unknown:
Yes. Exactly. I mean, I I agree with, you know, the things said previously. And also, I mean, CoinJoin is is one thing. It's a very important and very efficient tool, but, I mean, limited in scale, but we'll talk about that probably. Also, I mean, I do approach privacy in from all the different angles, as as we do all from, you know, from the net network level to the base, Bitcoin level and the base layer level and also, you know, going on second layers like lightning and, you know, other, kind of solutions are are as important as well. So I'd like to use all the tools available and why it is so important because this is just so much different from what we had before. We we had a have a system for registering and surveilling transactions, which is made for a private banking system.
And having a decentralized open public ledger, which everyone can read and use, it's just so completely different that it needs to be used differently. We need to be need to put emphasis on caring for our privacy because otherwise everything is just out in the open and you will be having a surveillance tool which has been never never seen before. And, obviously, you need to avoid exposing all your financial activity for your personal safety, but it's also important for your business or any other business for the essential for the operation of a free market.
So you need to be able to only expose things which you choose to, which is which is the main kind of aim here that, you can prove everything, but you don't want to expose more than necessary. So, yeah, I mean, this is just my kind of I would like to work towards the future which I'd like to see rather than a dystopian Orwell 18 1984 1, which could be as well as a reality if, you know, privacy would would be nonexistent.
[00:13:30] Unknown:
I mean, you mentioned 1984. Do you guys think do you do you guys think there's a lot of comparisons here with Bitcoin privacy spending money privately to speaking privately, private speech, encryption?
[00:13:46] Unknown:
Absolutely. And this is transaction either it's a form of communication, financial transactions as well. So being able to communicate freely is essential for, you know, for a healthy life and for, the kind of function of the society or civilization.
[00:14:12] Unknown:
So with all that said, I mean, I I agree with, I agree with the premise, Open Arms. I I think that I I want to, I want to cover all sorts of tools we have available to us, not just CoinJoin on this conversation, and I we will. We will get to that. But before we do, I think, well, first of all, to any any new freaks that are here, if if you're watching live, the top price is the evil empire's Coinbase's price, and then the bottom is Bisq, which is why Bisq is is is not moving as frequently. It has way less volume than Coinbase. So, I mean, I I think a great place to start here is Nopara spent a good amount of time releasing Wasabi Wallet to the world, and I'm curious your perspective, Nopara.
We know now you're working on Wasabi Wallet 2.0, and we will get to that. But before we do, with all these users using Wasabi, what what have you learned from that experience? What have you learned? What are the lessons that were learned from Wasabi that are that are hopefully being used going forward in terms of, Wasabi 2 point o development?
[00:15:42] Unknown:
Okay. So it it doesn't really connect that much to privacy, but it I I think this is the largest lesson I learned, or I'm still trying to learn or figure out how to think about that because, you know, I I started Wasabi alone in 2015, and then for 2 years, I pretty much worked alone with 1 or 2 people joined to the adventure for a shorter period of time. But then when when started to work with more and more people together, And I never worked in a big company before, and I don't know how things are are are taken care of in in the company. So, you know, I I came from this Bitcoin open source at all where everyone is is doing his or her best to the best of his or her ability.
And and and and so so our hiring process was the it it was very simple. You know, we we give you money every month, and you do whatever you would like to do. And this led to us going to many, many different directions and not not going to a to a to a common goal, to not not targeting the same thing together. And I did not change it in a way that, that that's how how you would you would work in a normal company that management has the objectives, and that's how it it must happen. But what I figured maybe the best way to to to run a company you know, I have no idea, but the best way to run a company is to try to convince everyone to go towards the same goal and see what happens.
And that's when, yeah, that's happened one and a half year, year ago, and and we'll see. So so so, yeah, basically, my my my largest learning experience is that when you let people do whatever they want without any inputs, they will do very good things, which microcosmically makes a lot of sense, but macrocosmically, it doesn't really.
[00:18:42] Unknown:
Can you remind us when was the pivot was released on on mainnet? When did you do the first, coinjoin with it?
[00:18:53] Unknown:
It's 2018.
[00:18:57] Unknown:
Yeah. Wow. Yeah. It's Real ways ways more recent than that, doesn't it, Open Arms? Yeah. Yes. I mean, especially
[00:19:06] Unknown:
that was basically the time I was starting to look into more deeply into, I mean, Bitcoin Bitcoin and Bitcoin privacy itself and started to contribute to project and and things and kind of was one of the one of the first advanced interface which I've which I started which I've started to use, you know, providing a very good coin control and just generally being able to just open it without and using it fairly privately from the network level without having a full node running yet at that time. So it it was certainly a change of, change of the way people were interacting with
[00:19:52] Unknown:
with Bitcoin. I mean, the space was massively different back then. I mean, if you look at some of the top projects, things like Specter, all the node packages, you know, the Raspberry Blitz, Umbrel. I don't I wonder if Raspberry Blitz start. Like, I I don't think that was even a thing yet, right, in 2018.
[00:20:10] Unknown:
I think it started in in the spring of 2018, and I started contributing towards the end. It is pretty much as Lightning came to Mainnet, shortly after.
[00:20:25] Unknown:
Because before Raspberry Pi Blitz was Raspberry Pi what's the other one?
[00:20:31] Unknown:
Raspberry Pi Raspberry Pi was the Right. Yeah. The project is static because, I mean, it was basically the same kind of thing to get Bitcoin and lightning, you know, running because, now there was an added incentive to run a node, not just, you know, spinning up Bitcoin Core on your desktop, but you wanted to have an online one for a dedicated hardware on Raspberry Pi to start with, to use to use a node to run a node, a lightning node, more specifically.
[00:21:03] Unknown:
So, I mean, to circle back here, Nopar, I mean, I appreciate the insight. I think a lot of what you answered my previous question about lessons learned come from the organization side, running such a a large, free open source project and a a for profit company that's, like, one and the same, which is actually really novel, coordinator and collect coin join fees and actually be quite profitable, is is, extremely novel. Historically, wallets have had very a lot of difficulty monetizing in an ethical way. Usually, they end up adding fiat, KYC, on ramps, and stuff to try and get fees, which is obviously really poor incentive, if if you want a free open source project to be focused on privacy.
But I guess the point of my question was more and maybe this is just because of my perspective. I mean, I was I'd already understood the importance of Bitcoin privacy, tools mostly because when I was an early Bitcoiner, I made a lot of fucking mistakes, and those mistakes exist on the Ledger. Like, I made those mistakes. I had no idea what the fuck I was doing, and they're there. They exist, and all these mistakes are are expanded even they're made much worse because of this creeping KYC that that we the KYC, know your customer, anti money laundering regulation where they require this really intimate exchanges require this really intimate private information that they store on you, that oftentimes gets leaked, hacked. We just had the largest KYC hack ever, happened, I think, yesterday or it came out yesterday or 2 days ago in India. It was like a 140,000,000 people, had their intimate personal information leaked, and that's just gonna get worse and worse and worse. I I as we have more of our personal information online, it'll undoubtedly get hacked, sold, leaked at some point in the future, aggregated and stored insecurely.
So that exacerbates the Bitcoin privacy concerns, to me. But I guess I guess that's kinda long winded. My my perspective has been when Wasabi came out, you know, I was, like, very, outspoken. Anyone who's around at the time remembers I was a very outspoken Wasabi user and promoter. And I want I I realized, you know, these tools allow you the goal of these tools is to hide amongst the crowd. The the goal of these tools is is is is you need you need usage for them. You could have the best tool ever, but if there's only 10 people using it, it doesn't matter what kind of privacy gains you get because you the an attacker still knows you're one of 10 people.
And so so usage is extremely important. Normalization is extremely important. Getting it up that getting those numbers up sooner rather than later is extremely important. And we exist in a space where the people we're up against it's an asymmetrical asymmetrical fight. The people we're up against are hiding in the shadows. They don't tell us what they know. They don't tell us what they're doing. They don't tell us, the data they're aggregating on us, but everything we do is in the open. All free open source software development's in the open. The ledger's in the open. All of our activities are in the open. Education, promotion, usage, all this is in the open on our side, and the the attackers are are are secretive, and and we don't really know what they're doing. So I guess where I'm going with this is from my perspective, myself using Wasabi and other people using Wasabi, there's there was and the questions they would ask me, there was a lot that I learned about designing privacy focused software for an end user in mind.
And I was wondering what takeaways you had because I know, like and and I guess we could get get into it more, but, like, the I think am I wrong in saying that the the point of Wasabi Wallet 2.0 is to try and mitigate a lot of the concerns that were learned from a user perspective with Wasabi Wallet 1?
[00:25:34] Unknown:
So yes. But that's not the the main point why we started researching it. The But but the main point was is that, you know, But but the main point was is that, you know, ZeroLink was figured out, so it no. Actually, Wasabi was figured out, so it breaks the links between the coins that arrives to your wallet through the coins, those are anonymized and private in your wallet. Like, it it doesn't it doesn't do do more. Like anyway, so so the main reason was is that we could already see and even in in the times of 0ing because I kept opening issues regarding that. But we could already see the huge limitations what what Xiaomi and Coin joins with 0 link applies.
How what is the potential of them? And it's it's not great. It doesn't go much further than that. It can go further.
[00:27:01] Unknown:
What kind of limitations?
[00:27:05] Unknown:
Oh, you know, the the minimum denomination, the this this this this point, what what I just said that it breaks the link between from the wallet, from the coins receiving to the wallet, to the coins spending to the wallet, that there is there are coins in between. Right? Like, if if you mix a coin, you spend it, and that generates a change, then that change shouldn't really go into the mix. I mean, sometimes it's a good idea, but but it's it's not it's it's not clear. Right? Like, this kind of limitations. But the the main limitation is the workspace efficiency.
If we keep creating these these simple equal outputs coin joints, what we are doing right now, then we're going to be priced out very fast. And and, you know, I I I think we we don't have a we we are not arguing about that. Right? Like, if more people come to Bitcoin, then block space goes up. So proportionately, CoinJoin fees are gonna be more painful to people than
[00:28:20] Unknown:
than it could be. Already priced out. Right? Like, it's it's significantly more expensive to to use to to use CoinJoin than to not use CoinJoin. I mean, the the the cheapest way for someone to use Bitcoin is just the worst privacy possible. Right? It's just, like, consolidate all of your UTXO sent to a single fucking UTXO, and then just spend from that.
[00:28:42] Unknown:
Exactly. And, actually, this is this is something what I I I've learned that it never really gets priced out because it will always be Economica to mix with more Bitcoins. Right? And that's that's a problem because because because it doesn't matter how much money you are you are transacting with the Bitcoin. What matters is how many bytes your transactions are using up, how much block space you are using up, and that does not correlate with the amount. So there will always be economical to to mix with with larger amounts. But, yeah, this this is going up and up and up, the equilibrium.
Right?
[00:29:30] Unknown:
Yeah. So, I mean, like, I've come to the conclusion, that, you know, using Bitcoin privately will always be more expensive, I think. I I I don't, you know even in, like, a world where we have signature aggregation and we have Lightning and stuff, maybe Lightning provides some kind of incentive to, you know, use Bitcoin more privately that's cheaper for you and we can get into that later. But I've kinda come to the conclusion that it'll always be more expensive. The goal should be maybe to make it only slightly more expensive. But when it comes to to when it comes to to increasing adoption, obviously, the single most important thing you can do is is lower costs. But I think the the the other two big things that people don't really talk about is, first of all, UX is is super fucking important. And I wanna dive into this with Open Arms because of, you know, Join Market was around. I think it it launched in 2015 as a project.
Correct. And and it never really got that much adoption, I think, primarily because of UX. And we can jump in that in a second. But the other thing that I've noticed that I've learned from an education point of view on the front lines with users, who I've provided workshops for and handheld them and stuff, is, like, the defaults are super fucking important. 99% of people will never fucking change the defaults. And if if if if an educator or a promoter is trying to increase adoption of something, telling them, you know, if you have a bunch of gotchas that you have to tell them every time you try and onboard someone new, you know, change this, change that, make sure you don't do this, make sure you don't do that, make sure you don't do this. They're especially in a world where all you have to do is make one mistake in privacy and it's on the ledger forever and you're fucked.
It's just a it's a losing strategy. It's a strategy where you just, you know, I it it's it's you're you're trying to run uphill. And and we've seen this with with Open Arms is he's he's packaged join market into this into this, like, raspi image and join inbox to try and make the default experience of join market better. Nopar, would you agree with me there that, like, that that most users aren't changing defaults and, like, you know, having sane reasonable defaults is is, like, really the only way to go forward with this?
[00:31:55] Unknown:
Oh, abs absolutely. In fact, you can go even further and, you know, I I I'm pretty sure you encounter this situation many times when you're talking with someone who who is into Monero, and and they they are talking about when Monero have privacy by default, and, you know, they they bring this up as an argument. Like, that's not what you would want, but that's exactly our goal with Bitcoin. Right? Privacy by default. Now will we ever get there? That's a that's a good question, but that's definitely the
[00:32:34] Unknown:
I always think it's work. Yeah. Yeah. Sorry for cutting you off. I mean, I just always think it's so interesting that, you know, there's all these insecure Bitcoiners that when people like us talk about, you know, improving Bitcoin privacy guarantees, They think it's, like, some kind of underhanded promotion of Monero. But, really, like, the the biggest existential threat to Monero is that Bitcoin is easier to use privately. Like, if we're successful here, like, there's absolutely no reason to use Monero. So it's absolutely hilarious to me, how often I have people, like, chirping at me that, you know, like, I'm, like, secretly promoting Monero. It makes no fucking sense logically.
[00:33:20] Unknown:
So, I mean, the the this work that they are doing is very important. Right? Like, if Bitcoin would really stay at it is today, in terms of privacy, then the only thing that would save a totalitarian, smart surveillance, Fortica system would be like a private Altcoin. So so I think it's very important that they are doing it. It's just my calculation is that, probably people don't care that much and gonna use Bitcoin anyway even if it's not private.
[00:33:56] Unknown:
Yeah. I mean, my perspective is I think Bitcoin, you know, is gonna be successful. So, if if we expect wide spread Bitcoin usage, then the focus, as a as someone who cares about privacy should be, you know, making it easier to use privately as much as possible because I I I think it's gonna be super successful regardless. Open Arms. So you wanna give some insight here in your your opinion on on your work on joining joining Box and and why defaults are important, why UX is important, why accessibility is important, why we have to increase these numbers. Like, I I really do feel like, like, how many CoinJoin users do we think there are, guys? Like, do we think are are there more than 10,000 people in the world using CoinJoin right now?
[00:34:40] Unknown:
That would've make sense if you could tell.
[00:34:43] Unknown:
But gut. Just saying gut. I think that's a very conservative overestimate. I think we're not even near 10,000.
[00:34:52] Unknown:
Yes. I mean, what I can see in the joint market order book, we have usually have between 102 100 offers, which means those are separate wallets, not necessarily separate people, but, you know.
[00:35:07] Unknown:
It's an upper bound. It is. The the the max it probably is is the max it is is, like, 200 people.
[00:35:15] Unknown:
Yeah. Of makers. Yes. Right. Of makers who are running at the time. Right? But so so yes. So coming to join market it's it's, it's a great rabbit hole, you know. I was I was very very, happy to fall down into. But to be honest, it needed some, you know, previous training with being familiar with Bitcoin transactions and, like, derivation parts, you know, things like gap limit and, you know, things that you would not just have when you that the only thing which you have used is a mobile wallet before. But if you if you have run a node and you have seen the command line before, then I think it it is a very good thing to look into what this OG and continuously improved wallet is able to offer.
So if you've used, like, Bitcoin Core in the in the command line, but then it's nothing stopping you to use join market as well. Join market also has a QT interface similar to what Bitcoin Core offers, which is, like, you where you can do coin control with a click of a button and you can like send coin joins and send and receive page joins as well. So so so it is it is very very usable, but it has this, requirement that you need to you must run a full node because that's what this connecting to. It needs it needs a Bitcoin RPC interface provided by Bitcoin Core to interact with the network and get the information out of your balances and your transactions.
So that's kind of the first thing which could have been I mean, which could have, improved a lot with just packaging it into into basically. And then also it it works as a as a standalone in in joining box. So you just spared that kind of setup process that now you need to set up a full node and install a Python package. All of this works best in Linux. So if you're not running Linux that you are in a bit of a difficulty, although you have, like, a windows dot x as well, which you can try. But yeah. And and you can use something like Wasabi as well in in Windows, but, you know, I wouldn't trust, any significant amounts on a computer running closed source this fiber. Does the Bitcoin privacy discussion start with Linux?
Yes. I think so. As as as I've said in the in the beginning, you know, there are different levels to this in in in your life. And starting with not leaking everything or a lot of things without your knowledge out of your computer is the first step to have better privacy. And then you you can move on to your phone and then, you know, you can transition try to, work towards running software only which you trust or which is auditable and which is
[00:38:37] Unknown:
based on freedom, basically. But And and this yes? There's 2 things here, Open Arms. Right? There's there's on chain footprint and and how your transactions look on chain, on on a chain that we expect to exist forever. We I like, I expect Yes. The Bitcoin Blockchain to outlive me. Right? Outlive my grandkids, outlive their grandkids. Like, this fucking thing is gonna be there forever. So you have the on chain footprint, that is on this ledger forever that everyone can view and inspect forever. And then you have this, like, network level, advanced attacker type of threat. Right? Where, like, Windows is closed source. Right? So maybe maybe information is leaking through your Windows computer to Microsoft or some kind of closed source vendor that's operating on on a Microsoft product or Apple or something like that Oh, yeah. Or your phone or something like that. But do we agree to Alexa and Google Home and etcetera. Yeah. Right. Like people have yeah. People have fucking they buy wiretaps, and they install them in their house that are run by global corporations that coordinate with governments. Exactly. That's the first step.
But but would you agree though that from a overarching basis, if we're looking at trying to help the most amount of users, have some kind of decent privacy improvements with Bitcoin, the the on chain footprint is first place to start. It's almost the it's the it's the thing that's gonna be there forever. It's it's the lowest hanging fruit.
[00:40:13] Unknown:
Yeah. No. Absolutely agree. I mean, so and and sorry for kind of, you know, did I link the conversation to to No. I love this. This is great. Continue. What software you are using? But I just tried to kind of explain why why it is difficult to get joint markets to get started with joint markets first of all because it's based in these principles that you already through these steps before. Right? That you are your kind of software practice or, like, informatic technology practice is already kind of at level where you can deal with the command line. Right? But it's obvious this is not true for most people and, you know, you shouldn't be, spending that much time, I mean, for for an average or if you are not a software developer or like a Bitcoin fanatic like us. Right? So that's why we have these note packages and that's why I've I've tried to put it as easy as possible to just install from a menu, you know press a button basically, and then you are provided with an interface which is an interactive guide which which where you see the options what you can do, and you don't need to look up any unfamiliar syntax in the, in the command line, which is but it shows you what it does, but you can just choose what you want to do. You don't need to look it up. So this kind of approach is just an interactive guide, so you don't need to follow a tutorial, but the tutorial is inside there.
And I mean so I've seen that people do enjoy and and I I know a lot of people who have started to use your own market because of this. And then once you get used to it, it is it has such, a wealth of functions that you can do the most most things which other wallets do as well. And there are advantages of the architecture, how it is how it is built up. Because I the most important thing, I see with coin joints and as we've discussed before as well and which is somewhat kind of makes it complicated and what it is not present in in Waselby that you have this mixed debts or different accounts idea that you're separating the those coins which have not been mixed, those which have been through a coin join, and the change from those transactions.
And, this happens in join markets in a way that it has kind of a circular build of circular architecture of 5 accounts, also called mixed debts, where the coins are just tumbling through only only able to progress between an account from an account to another if they are going through a coin join. And the unmixed change from that transaction is left behind in the previous account and the coin join output is progressing to the next account. And, also, how the wallet is written, I mean, obviously, you have all freedom to do whatever you like, but the default is that you are not allowed to spend not allowed to merge coins between different accounts.
Meaning, you are not merging the coin joint outputs with the omnix transactions. And and this this is something which is, you know, the the basic principle of of dealing with joint market. And, also, it just needs a bit of understanding because you deposit some money, deposit some Bitcoin, and then it goes through a couple of coin joints and, oh, where where did it go? Where it didn't go, it's still in the wallet, but it's in a different account separated.
[00:43:55] Unknown:
So let's pull those back for a second for the freaks in the back who are completely fucking lost right now.
[00:44:01] Unknown:
Definitely.
[00:44:02] Unknown:
The the I I I think the the place where we should start here is coin control. Coin control is this idea that for a lot of the freaks, your wallet that you're used to using, on mobile or even, like, one of the mainstream hardware wallets, like a treasure wallet dottreasure.io or ledger, it they they hide they hide the the gory details from you because they want to make it easier for you. But what they do is is is really when you have a wallet and it says, let's say, it's it says you have 40,000,000 sats in your wallet. Really, it's not just 40,000,000 sats in your wallet. There's all these different transactions in your wallet.
UTXO's unspent transaction outputs is what we call them that add up to 40,000,000 sats. So you have, like, one that's 10,000,000 sat, one that's 5,000,000 sat, one that's 15,000,000 sat, and they're all coming from presumably different sources. If I if I pay if I pay Open Arms 5,000,000 sats and his mom for Christmas pays him 3,000,000 sats, his wallet says 8,000,000 sats, but, really, there's one transaction for me and one transaction from his mom. So if he chooses the transaction for me to spend it, if he spends it if he combines those together, then me and his mom both know he owns that other transaction. So there's this there's this,
[00:45:27] Unknown:
there was this I'm gonna
[00:45:29] Unknown:
Unfortunately, you should pay heuristic. Correct? Right. But unfortunately, in Bitcoin land, there was this push by all these software wallet makers to kinda hide that from the user, and it it was a major negative to privacy. So now we have wallets like Wasabi, you know, Joy Market already had coin control. Bitcoin Core has always had coin control. But Wasabi was, like, one of the first consumer grade wallets for, like, the average consumer that just fucking put it right in front of you. You you had to use coin control, they forced it on you, and you had to label everything. And labeling is important because in 5 years when it comes time to spend, you're not gonna remember which transaction came from me and which transaction came from Open Arms' mom, so you need to fucking label it. But the problem exists that if we're trying to increase adoption here, expecting a user to it's like the unfortunate like, expecting a user to, like, use critical thinking and logic for every transaction they make and selecting their their inputs seems like a lost fucking cause. Like, how many users can we expect to do that?
Is that is that am I wrong here? Like, is it is it am I just jaded?
[00:46:41] Unknown:
Oh, you're absolutely correct. I mean, the last last many, one and a half year, I was thinking about how to remove coin control. And what does coin control really what what's the purpose behind it? Like, what what what does this one to to actually do? And and, you know, yeah, I I I go into this. So, I think there are 22 very important things here is coin control. You want to somehow this is somehow avoid change. This is change avoidance. You want to avoid changes in transactions, and and and we will have a solution for that. But the other other thing is which which is which is the labels or or more more precisely, what you're really interested in is about not the individual coins in terms of privacy, but what you're interested in is the the wallet, the clusters that an outside blockchain analysis might establish from your wallet content. And that makes it much simpler if if you think about it. Because instead of having a 100 coin in your wallet seeing a 100 coin in your wallet now, you would only see a couple of clusters belonging to multi, connected to multiple entities who might know about those clusters.
And and I think we can do that. But even further, but, well, a long time ago, we realized is that, you know, there isn't money much difference between mixed coins. Like, there is no reason to have coin control for mixed coins except chain ex except for change avoidance. And and yeah. So I think we should be able to remove it.
[00:49:00] Unknown:
Yeah. But so two things there. Let's unpack that a little bit. First of all, that last point is one of the reasons why I've been so outspoken about equal output coin joints, or just some kind like, this idea that it allows you to almost press a reset button on a coin's history. You know, you have a wallet that has a bunch of UTXO's and you didn't fucking do any labeling at the time. You have no idea, where any of those came from. If you had a a effective coin join implementation that you could use, you could almost, in effect, reset all of those UTXO's back to a base where where it doesn't matter which one you spend.
So there's a way to kind of reduce the need necessarily for for stringent recording and coin and coin control usage by an individual. I I it it's it seems like it's mostly a dream still, but there's something to be said there, especially if you use it in terms of and we'll get into this later, but something like lightning. Right? Where you if a while, like, automatically turns turns an output that you don't know what the history of it is into a coin join output, resets it, and then opens a channel with it, and then you spend on lightning going forward to have, like, some kind of level of forward privacy. The first thing you mentioned, are you, like, implying that to have, like, a wallet that that almost runs, like, on the fly chain analysis on your on your UTXO's to group them together?
[00:50:34] Unknown:
Yes. Exactly. It's much easier to do if you know exactly the wallet content.
[00:50:41] Unknown:
But, I mean, that's that'd be very computationally intensive. Right?
[00:50:46] Unknown:
Oh, no. Because you know the wallet content. You know exactly what came came from where, and then you can apply some basic heuristic, like, common ownership heuristics and, you know, use labeling,
[00:50:57] Unknown:
though? Is that what you're insinuating? Like, you use the labels to group them together, or is is the user is the user providing any information here?
[00:51:07] Unknown:
Yes. You use the labels to to create the clusters.
[00:51:12] Unknown:
I mean, this this is quite quite simple thing if you see the transaction graph and you have the you have the history of the coins and you have, obviously, the wallets already together. Like, joint market has automatic labeling as well, and this exactly, by these principles with a very simple kind of couple of lines of Python script. It does label the UTXOs to to deposit, change outputs, a non coin joint output, a coin joint output, and like address reused and things like that. So so, I mean, it is a transaction analysis rather than chain analysis, I would say, because the it doesn't really go back in the history.
[00:52:02] Unknown:
Yes. That's a good point.
[00:52:05] Unknown:
I mean, it's it's kind of, I mean, would do we are we expecting, like are are are these, like, you know, so called compliance bros? Are we gonna have, like I guess I'm kind of just getting really tangential here, but I'm gonna come back, but do we do we expect that they're gonna have, like, merchant wallets that are designed to actually, like, integrate some of these chain surveillance companies to do, like, on the fly fucking transaction analysis as as you're paying them? Like, are are is this a concern? That's already happening with the exchanges. Right? I mean, you know, all the all all the ones which are flagging coin joints, you know, they But, I mean, are is, like, a are we gonna have, like, a pop popular mobile wallets implemented and shit? Like obviously the custodial platforms are already doing this behind closed doors.
[00:52:56] Unknown:
I mean, there is Perogales, for example, which does show you this kind of transaction analysis write up, you know, of the bet on the on the GUI of the wallet. Obviously, it doesn't go back into the history, but it's good. There is no reason to to not do that. But that's the point that it should make no sense to do it because it should be just a mess. That's what we are trying to, achieve to improve the entropy of these transactions and, you know, just then you are just, kind of, fishing in the in the modern waters for some kind of information that but there would be no nothing which you can find out.
[00:53:41] Unknown:
So so yeah. Yeah. Go. Yeah. That that's a good point that, you know, when you're mixing, then it doesn't have to do any chain analysis because on your mixed coins, the only thing that coin control does at that point is that you can avoid changes. And if you can implement something that helps the user avoid changes, then you don't need coin control for mixed coins. Now for not mixed coins, which are the labeled coins, that's where Chainalysis must be well, okay. So I I think we don't have a a choice here. Right? Like, one choice is that we don't do any coin control and any blockchain on any wallet inter wallets analysis. I'm I'm not sure how how to to call it, but that's that's a bad thing. Right? Because then everything is connected together like like in in normal valets. You eventually end up end up connecting together with common ownership heuristics or your UTXs. So that's not good. So you you have to have coin control then, or this kind of chain are easy too, which makes it somewhat easier than a coin control.
[00:55:02] Unknown:
I mean, the the one solution or or, like, help here is, obviously we are thinking along alongside that, you have a mixed coin and it doesn't matter which one you spend you spend and but unfortunately it's very rarely possible that you won't have a change. And then, okay, you have one change and you labeled that that you have you have paid for groceries or whatever, and then you make another donation for like HRF or anything, and then maybe you do send another one to tool project, which might have be seen, kind of it could be even illegal in your country. And then you have 3 changes like this. And then when you send these changes together, then it will be obvious to the one who you're who you're paying with this merge transaction that you've been paying to a project and the grocery shop and the, and HRF as well. And, also, we'll see that's how much it was.
[00:56:05] Unknown:
But Uh-huh. Unless
[00:56:07] Unknown:
Yes. I mean, that's where this kind of so called post mix tools or kind of the spending can be different like you can do with some implementations. For example, in join market, you can pay with inside a coin join. Also, you can use page join where the transaction amount is not obvious and also the common ownership common input ownership is broken as well. So, you know, there are ways to make that change coming from the spending of that, mixed UTX, so not be toxic so called.
[00:56:46] Unknown:
Yeah. Yes. So that that's a good point. So for example, page join is a is a somewhat of a solution to that. Mixing the change is somewhat of a solution. The question is, how would you avoid change without coin control? A then you click continue. And there is a you you don't send a transaction just yet, but there is a there is a there is a screen that that gives you 3 options. One of the option is you you you continue normally. Like, you send the exact amount that you typed in. The other two option is that you send a little bit less or a little bit more. And, you know, that little bit less and little bit more is not going to generate changes.
So I think that's an elegant way of of, trying to tackle this issue, and then we'll see what happens in practice. But we'll yeah. I I I'm hopeful.
[00:57:56] Unknown:
Yeah. And then also, another very obvious solution, which I do like to use now is to go to layers too. So you have a coin, which is a coin joint output, and especially in in June market, it can be any amount. Right? There are no mixed pools, but but no fixed amount pools, but you can coin join any amount you like. It will be an equal amount coin join, equal amount output, but only within that coin join. So you will have various various, sizes of coins in in your wallet, especially if you're running as a maker and you will allow other people to use your liquidity to coin join with. And you can take size UTXO you like. For example, I'm I don't know, will, want to spend, you know, £300 on groceries this month or let's see whatever, a £1,000.
So I take a UTXO which is slight slightly, which is similar to that amount which I want to spend in during a time for a similar purpose, and I open a lightning channel with it without creating a change. So there will be no toxic so called toxic change there at all. And then I don't I I keep this lightning wallet completely separate so it will be one pop key to that one UTXO, and I just spend it and I don't close the channel until I've spent all. And that would not create change again. And, also, if I didn't spend all the things for my groceries, it's something that I've been left behind that I can just use a soft service where it's, where I can get someone else's UTXO back for my lightning payment.
[00:59:39] Unknown:
But that that's a very good point. Rolling onto Lightning Network, the user doesn't care that much about how much money goes to the Lightning Network, and you can just get close to his intent and,
[00:59:52] Unknown:
hopefully, that's enough. Well, I mean, the goal I think for a lot of people in the space that a lot of developers I've talked to is is this idea that make every lightning, you know, channel open a coin joint, which could increase usage numbers. I mean, people have to open a coin, have to open a channel anyway. There's actually an incentive there, a nice incentive where it could be cheaper for them to open a channel into Lightning if they coin join at the same time and group with other people. And I I I think that kinda goes back to what I said previously, where I think the the first low hanging fruit goal should be reducing on chain fucking errors, because those are forever. So, I mean, we can go back and forth on the theoretical concerns of of Lightning privacy, which I think there are a lot of them. You know, New York City Bitcoiner and and friend Gleb, released, like, a paper a couple days ago on, I didn't wanna butcher his last name. It's like Numenko, released a paper on, like, lightning probing and all all these, you know, jamming channels and and trying to figure out channel balances and tracking lightning transactions, and pub keys are fixed right now. So there's a lot of there's there's a lot of concerns to me. Yeah.
[01:01:06] Unknown:
With the like are easy easy to prove. But you can use private channels and you can use parallel private channels as well, which, you know, makes it much more difficult. Right. But
[01:01:16] Unknown:
but but obviously,
[01:01:17] Unknown:
it's an important point. There. My my point is is my point is at least you remove that on chain issue. Right? You at least you remove that concern of that on chain footprint that's that's forever. Right? Like, that that that is that that is a major benefit there. But but I I just I just wanna pull this conversation back for a second, and I I posted a a but some people might think it was a, a theoretical question, but I don't consider it a theoretical question. It is something that I have to discuss a lot, behind closed doors, and I think it really brings the concerns to light about, like, what we're up against.
A lot of a lot of what people say is don't use KYC services, and and and we've talked on this on this show, a lot about the dangers of KYC and this information collection. And, I mean, I personally think, like, especially if you're not using, you know, you're not you're not using CoinJoin after you use a KYC service, you're, like, extra vulnerable. But let's forget about all that for a second. Let's pretend you're an activist or you're you're you're you're speaking to an activist in Malaysia, And oh, no. Fuck. I apologize. Myanmar. You're talking to an activist in Myanmar, Burma, and you have you have this military coup that happened. Right? They're cutting the Internet fucking they're cutting the Internet every night at curfew to make sure that their transgressions aren't getting released. They're doing active Internet surveillance on dissidents, and you're cut off from the banking system.
This is happening today. This exists today. We have we have protesters and activists on the on the ground there that that aren't able to get money in. If Bitcoin seems like a natural ally in that type of fight. But if they open the most common thing to say would be have them run a BTC pay server. Right? And they're running a BTC pay server, and they're accepting donations to that BTC pay server, they're gonna have so many little UTXOs that they have no idea where they came from. And to, like, this like, to expect, like, an activist on the ground to be able to run use prudent coin control, that kind of situation, seems completely impossible.
Like, am I am I wrong there? Like, is there is what is there a disconnect there? Like, what how what's what's your perspective on that?
[01:04:06] Unknown:
I do like that question on Twitter, which you posted about, you have you have the situation and what you recommend. And, I mean, the the consensus seems seem to be, which I do agree as well, that I mean, if you can do use Lightning, I mean, it could be even custodial, right, if you are not exposing if if it's not. But, I mean, it has an online require requirement. But you might as well do it since, like, proposing a new address every time would need that kind of online requirement anyway. And I I know where this goes. And also there's a question in the chat about pay names, which do, kind of deal with this that you are providing a new address automatically on the communicating on chain, basically.
The thing is you have these outputs which now are in your wallet. And, I mean, putting aside the concerns with PayNim that, you know, how you recover recover the wallet and, you know, how much it is compatible with the implementations, etcetera. I mean, this is this is, you know, getting getting very technical. But when you when you're merging these transactions, you are in the same place. Right? If you if you receive transactions through a pay name and you just take and merge them, how does it not connect the sources?
[01:05:38] Unknown:
Right. Pay NIMs have the same issue. Pay NIM solves Pay NIMs attempt to solve the PayNIM's alternatively it's it's it's Bitcoin's version of stealth address, which Monero has implemented. I kinda wanna see Liquid implement stealth addresses. I it's weird that they haven't yet. I think that could be, like, a killer feature, but I digress. The the the key aspect is you should and and this is something that that I hold very dear as a as a as a goal that I think I would love to see software developers focus on, besides Samurais, is this idea that you should be able to post a text string, without any hosting requirements that allows people to pay you in a relatively private way on Bitcoin.
And that's what PayNim's attempts to solve is is is this idea that, like, an activist who is who has, you know, a authoritarian government that's actively trying to destroy their way of life is gonna be able to run a 247 BTC pay server and manage, you know, liquidity constraints on lightning is fucking out of out of you know, never gonna happen. Like, that is just not a realistic expectation. Can they post on their social media? Can they post a single texturing? In this case, you know, the a a Paynam name or a payment code, which is really the PayNIM name links to a payment code.
Yes. Like, that seems very reasonable to me. The main negative of of PayNim is that they have this on chain it's on chain. And and so right now, you have this notification transaction with current fees. I mean, you're talking $25, $30, just to activate that process. Right? We just saw HRF just added Pay NIMs. If you wanna donate to HRF, you have to pay this this first you have to pay this notification transaction, which is is gonna get more and more expensive as Bitcoin pumps and as fees pump. And at the top of that, what you mentioned, Open Arms, you don't solve the after issue.
Right? You don't solve the issue that the that the activist is sitting on a ton of a ton of UTXOs that that, you know, they have to practice prudent coin control or go into CoinJoin at that point. Right? Right. 1 by 1. 1 by 1. And and anything that's underneath the lowest CoinJoin, amount, they wouldn't be able to unless at at join market, they could. Right? Exactly. No such thing to join market. Right. Yep.
[01:08:10] Unknown:
I mean, as 16102 mentions, and also as I wanted to tell the next thing is that you would need to have some kind of way to, communicate your donation place. Let it be a website or an email or somewhere where people can ping you. I mean, you can just publish
[01:08:30] Unknown:
Bitcoin addresses, you know. It is what Belcher does.
[01:08:33] Unknown:
Yeah. Exactly. It's so simple. You just need to have a website which on on a click maybe with some, you know, spam protection or like, you know, you need to solve a capture or something to to acquire it. You just dump thousands of addresses from your wallet, and you put it in a in a rolling basis.
[01:08:55] Unknown:
But then you're still running a 247 server to serve them up.
[01:09:00] Unknown:
Yeah. But the the the service requirement is what is, like, you know, serving a text based web page. That's I mean, you must be able to do that. Or that could be a Telegram bot, you know, or it could be I mean, it depends what kind of communication you are using. Right? But you see that you see see the significant advantage of something like a stealth address. Right?
[01:09:20] Unknown:
Yeah. That this is fixed. Yes. Yes. You can post you can send out a single tweet. It just has your stealth address on it, and every person who pays you automatically gets a new derived address. It's certainly much better than using just a just a fixed address because that's the other alternative.
[01:09:38] Unknown:
You know, there is there is not even a question. You cannot stop merging everything which comes to the same address, obviously. But then, yeah, I mean, that's that that is not a good solution, but that is that was so far the
[01:09:56] Unknown:
the way people did it. Right? I mean, custodial lightning, you mentioned that, is fucking great, in terms of privacy. I mean, it's not great for trust. It's custodial privacy is what it is. I mean, you're you're you're trusting whatever the custodian is with your privacy instead, and also regulators are just gonna crush that shit. But it is an it is an interesting point that you made because I think Bitcoin's privacy shortcomings were kinda hidden in the early days because we had so many custodial services. And then we made this push to self custody, which is great, but it comes with this privacy trade off. Right? Like, if you use the custodial service, there's no the on chain footprint issue is solved ish ish.
[01:10:41] Unknown:
Yeah.
[01:10:42] Unknown:
No Power, what's your opinion here? Donations, activists, you know, with Did you agree with me that this should be, like, this should be, like, the most obvious Bitcoin use case?
[01:10:55] Unknown:
I agree that there is a problem that stat addresses address, and actually 2 problems. Right? One is how do you accept donations privately? And as OpenOM said, there might be other ways like how Chris Butcher does it. But the other other big big big benefit of of stat addresses is is the user experience. Right? Like, you you basically save 1 round trip from with with another person, because they don't have to give you your address because you already know how to communicate value to them. So, yes, I'm not sure what what way it it will it will end up being I mean, I I hope this will be a standard at one point in the future. I'm just not sure what what standard we'll hear be. And and, actually, I would like to even go further and bring pay to endpoint in in into the conversation because, you know, pay join, in my mind at least is just one application of pay to endpoint.
Because what pay to endpoint really means is that you have a a peer to peer channel communication channel with another person. So I would I mean, just if if I would have to write something today regarding this, then what I would do is I would I would create I I would just just let users to pass around Tor addresses and and and then communicate there. And and the problem with that, of course, that what if the other person is not online? And my answer to that solution is that answer to that problem is that I don't think we have to address that problem because everyone's gonna be online.
I I'm not sure. Maybe it takes 5 years, maybe 10 years, maybe 50 years. But at one point in the future, in our lifetime, everyone's going to be always online. So that should not be a a problem, I think. Do do you not see, like, in a hostile environment?
[01:13:33] Unknown:
Page 1 has the same issue? Like, in a hostile environment, to to expect to expect someone to run a server 247 in a private way, it's like so it's a way it's a way greater ask to expect them to be able to do that without completely doxing themselves. And we already see it happening where if you try and use any kind of professional server unless you're using, like, not all, like, fucking keto miners, dope ass, fucking, you know, pay Bitcoin with no KYC whatsoever. We see creeping KYC happening on all of these server providers.
[01:14:09] Unknown:
Oh, oh, sorry. Sorry. I wasn't clear. So what what I wanted to say is that I I think we are gonna be online not with servers, but with our our laptops and our mobile phones, they gonna they gonna be online all the time, and and we won't have this problem of having to set up a server.
[01:14:30] Unknown:
Right. I mean, Tor helps in that regard. Right? Because Tor, you can actually, in a relatively private way, host some kind of page or something directly from your device without a server. I just wanted to show real quick on the screen, this is from NetBlocks, which tracks Internet freedom around the world. And this is this is the Myanmar government turning off Internet every night. They turn off the Internet every fucking night for the last 18 days they've been doing it. Like, this is this is not a this is not a theoretical thing, and it's gonna become more and more common that that when there's protest movements, the Internet's gonna get cut. Do we agree on this?
[01:15:19] Unknown:
Of course.
[01:15:21] Unknown:
Yes. I mean, in, you know, the more or less connected society to start it, the bigger problem it is, of course. I mean, you will have, like, satellite, machinist works, ray ham radios, etcetera. But, yeah, of course, it is a problem. You need to be able to to publish, like, you know, again, this is now getting into a difficult UX question, but again PGP signatures come come into mind here that if you can verify if you publish, you know, across many different, media or, like, social networks or anything, signed messages with Bitcoin addresses that, you know, this is the donation address of my of of that, kind of organization leading donations.
And then you can you can verify it, and you can see also if it was used or not. I mean, it's not ideal because, you know, you would,
[01:16:23] Unknown:
yes, in adversity, you would just be able to collect all of these addresses and obviously It doesn't give you any real privacy benefit over just posting a static fixed address. I mean, it's not obvious on chain at least. The attacker would have to actively pull them. Right?
[01:16:36] Unknown:
Yeah. Yeah. That's that's the only benefit. Yeah. I mean, you know, it to be honest, I mean, a single address does come into play here as well. But, yeah, a status would be advantageous, but also what what what is the so how many times if when you donate someone, do you are you intending to donate monthly or like weekly? You you usually just send a one off transaction. Right? So, I mean, I know that there is a proposal now improving b 47 that there which would require no notification transaction, but then it would need this tour channel, which tour Nupurra was mentioning, which would need to communicate with the with the senders. So either online or you need to communicate on chain only. Well, you could have, like, a coordinator
[01:17:22] Unknown:
just like we do for the chamion coin joints. You could have, like, a blinded coordinator that's that's serving up, instead of the notification transaction. Right? But let's Do you see what I'm saying? Like, the activist doesn't necessarily need to be online in that scenario. They could just be as long as regulators are fine, and it seems like they they're they it's everyone's walking a very tight rope here, but it seems like regulators are fine with these blinded coordinators. As long as they're fine with blinded coordinators, then presumably we could have a blinded bip 47 coordinator.
[01:18:06] Unknown:
Well, I mean, you know, I'm no expert on this, but it's probably things which, like, PLCs come into to mind as well that, you know, you might just use use an Oracle tweaking or sorting your address without it knowing it at all. But, you know, this is not available at the moment, or I wouldn't know how to set it up for sure.
[01:18:28] Unknown:
Okay. This has been great so far. I wanna keep the conversation moving. I have a bunch of topics I wanna hit on the scratch pad. CoinJoin flagging. We're seeing this happen more and more. Block BlockFind now is, like, leading the way in, like, the most draconian, screenshots. I mean, what is it? The Block 5 prohibited transaction screenshot that is circulating? I'll put it on the I'll put it on the screen in a second. This idea that that we have these regulated companies, that are flagging CoinJoin usage both on deposits and withdrawals. Some are doing it only in deposits, some are only doing it on withdrawals.
CoinJoin is obvious on chain. It's very obvious on chain, by design. What where what is your guys' perspective here? Should we expect like, I pretty much now I'm operating under the expectation that I just expect every single regulated entity to just not accept them. And and and that's coming from a person who's every stat I hold has CoinJoin history. So it's not FUD.
[01:19:44] Unknown:
Yeah. So, I mean, it's same here. I think, you know, at currently, just to be clear, this is always, to my knowledge, an overreach from the from the side of the provider. There is no legal requirement to flag coin joints because they are only missing the history. They're not I mean, at most most of the cases, they don't have it's, like, not taint in the classical sense that, you know, you have been paying a darknet market before and the transactions are connected. But it's just the fact that you wanted to be private, And there is no requirement to not accept these kind of transactions. Because as I've said in the beginning, you know, if we wouldn't do this, then we are coming to such a state of surveillance which have ever been seen before, and we have certainly wouldn't want to be the part of that. So these services, I think, you know, just avoid them. There is no reason to use any of these.
[01:20:51] Unknown:
No, Paul. What's your opinion here?
[01:20:55] Unknown:
I have many. Not even sure which ones to start with.
[01:20:59] Unknown:
Oh, we have time.
[01:21:01] Unknown:
If if if we want to boil down the the whole issue to to one question, then this is the question is, should pry seeking privacy be considered suspicious? And, well, unfortunately, the answer for many of these services is that yes.
[01:21:27] Unknown:
However
[01:21:30] Unknown:
or or maybe not not however, but as far as I can see, it there is no solution to this no technical solution to this, but only social solutions. Because if you if you think about it, let's use Monero. Right? That's that's the first answer. Well, if you are using Monero, then you are privacy seeking, so you should not be in that service. So they decide to not even implement it. That's a problem. So maybe I'll advertise Monero in a way that it's for never mind. Okay. So so what test do we have here? We we have coin joints, which which is which which are obvious on chain and that nothing's gonna fix that.
We have pay join and coin swap. Those are different things. Actually, pay join is a kind of coin join, but but in the sense, they are the same things because what page join does is it joins your history in the eyes of blockchain analysis with another person. And what coin swaps do is it swaps your history with another person. So, well, it's not obvious that that coin swap or page only happened. But the problem is that if you are swapping with the wrong person, that's that's again a problem. So so I don't oh, and there is lightning network. Actually, the the electrum Electrum tool developer, said in a conference a couple of years ago that, you know, lightning network shouldn't even be called lightning network. It should be called the dark network because it's just, it just it's basically a social solution to to the is privacy should be should be suspicious that you can say, well, I'm transacting with Lightning because I want to I want want it cheap, and I want it fast.
But on the other hand, I mean, there were lightning network know your customer and and and and and similar,
[01:24:10] Unknown:
things are already going up. I mean, I think I think we're gonna see I'm not trying to, like, it's it's so it's super frustrating. I, you know, I do it to myself. I'm a little bit of masochist. I like talking about the hard topics, so I tend to have, you know, I I tend to dive right into every single drama topic, and, you know, so I get chirped out all the time. But I do expect, you know, I think we're gonna watch lightning. We're gonna watch regulated companies try and capture the fuck out of lightning, and the governments that they report to try and capture the fuck out of lightning. Like, I'm talking about, you know, pub keys that are white listed versus pub keys that are black listed, like big documents, you know, databases of of who's using what, channel capacities, all this different stuff. But I but I do agree that, you know, Lightning has significant significant privacy improvements, that that could be taken advantage of there. I do think 2 things here that I think I'm kind of curious on your opinion of from from both of you is, the the the first thing is I think, ultimately, my expectation is that regulated entities are gonna basically at at least discourage self custody, across the board, if not completely not allow it. Right? And we already see that happening with services like Robinhood or PayPal where you can't withdraw.
They might allow you deposit, but they won't let you withdraw Bitcoin and hold it yourself. I think that's the natural end goal if we have any kind of Bitcoin, as as as it becomes easier to use Bitcoin privately, the natural end goal is gonna be that they're just gonna try and cut it off, and they're just gonna try and make it so regulated entities only let you have numbers on the screen and pay approved people or pay approved merchants, yada yada yada. The second I almost I feel like we should reframe this whole discussion. I don't think the fact that CoinJoin is obvious on chain is this massive negative.
I mean, the standard for protecting speech is encryption. If you if if you use encryption, if I send Open Arms an encrypted message, it is absolutely obvious to anyone watching that that message that we're using encryption. They don't know what the contents of of of the message are, but they absolutely know that we're using encryption. How is that any different than them absolutely knowing we're using CoinJoin, but, you know, if the implementation works well, they they they can't tell this, you know, the history of the funds? How is that any fucking different?
[01:26:52] Unknown:
That that's exactly the same. Right? It's the question of should seeking privacy be considered suspicious, and and and the best way would be that if seeking privacy would be the default, then no one could be able to make this argument. Right?
[01:27:12] Unknown:
Open arms. What's your perspective here?
[01:27:15] Unknown:
Well, I I I agree that, you know, lightning paying with lightning does have much better values here because you just don't see there is no way to see where the sets are coming from. So the sets on lightning are much more fungible. And this is because you would need active real time surveillance to to prove all the public channels and even then you wouldn't be able to see maybe you would you could estimate where, you know, which was the first public channel where the payment is coming from, but this adoption increases as the number of payments increases as we introduce, you know, some kind of, things which do fail payments randomly, for example, or, like, you know, rebel ultimate rebalances and things. They do change the picture so often and, unpredictably that this is, you know, this is not really realistic. It's just very good to, know, have these articles, researching it and, you know, I love to read them but also it it is to see the pain points and, you know, be able to to work more on it. So and lightning is is is I see it as a solution at least to spend.
But then the same thing applies that if you don't apply if you don't allow coin joint payments or coin joint funds to be deposited, then you wouldn't allow lightning deposits either. And if you can see it, this, for example, with the with bottle pay is like, you know, came to the UK market straight on, and in a couple of days they started to block coin joints because they probably, you know, did it from I mean, yeah, I I I didn't go into that why, but it's a bad thing. And they allow lightning trans lightning deposits, but it's very limited. Like, you can like, a couple of pounds you can deposit only. Right? So obviously it's it's it's the same thing. If there is even there there is a thing which could be private, or let's see that you know why would anyone allow Monero deposits if they don't allow coin joint payments and lightning deposits either.
So it's the same problem. We need to step step up and Can I just iron, steel man that for a second? Okay.
[01:29:51] Unknown:
Well, first of all, disclosure, I am a Pfizer of, bottle pay and have a small equity position as a result in that. Okay. That is not a there's the that agreement has no endorsement, or paid promotion involved in it. My goal is to try and make that product as possible, so just I want that to be aware. You know, obviously, I disagree with with their idea to to to Blockcoin join, deposits. I I literally cannot use the service besides the fact that it's UK only, but I could not use the service, to deposit funds into, because of of my CoinJoin history.
So I wanna steal, man, your your thing about so I say this all the time too. I agree. The the the ultimate the ultimate end goal is, like, if if, if a service is gonna discriminate against something that is privacy preserving deposit, they're gonna do it across the board. A Monero promoter would tell you though, and they've told me many times, and it's actually a very valid point, I think, and I'm curious on your opinion, is Kraken's a perfect example. Kraken has accepted Monero deposits for years now. Also, at the same time, they have active contracts with chain surveillance firms, where they are discriminating against, user deposits. Right? They're, like, checking Bitcoin history, but at the same time accepting Monero deposits.
So is there is that true? Are we correct in that regard? Or is it just, like, a a low time preference thing, like, it'll happen eventually, it just hasn't happened yet?
[01:31:31] Unknown:
Well, look. Bitfinex does, allow, KYC free lightning deposits to no limit, and you can withdraw Bitcoin as well if you pay the fee. You can even withdraw liquid or you can do the other ways around to deposit liquid or lightning and withdraw a light or liquid. Yeah. So any combination. Right? You don't even need to KYC for it. But that doesn't prove the point that if you want to if you are allowed and we don't step up to stop you know, if we allow people or governments to strip us from our rights to be private, then we are in the Orwell 1984. And, you know, that is not acceptable, and that's not because of the if the technology is flawed, but because that's what the regulators put to us.
[01:32:33] Unknown:
You know, ultimately, there is maybe only one one solution that I can see is that we build better sheet, we build build better software, and we outcompete them. And if if we are right if we are right about that, users are going to choose our solutions because we are better than they are going to choose our solutions. And and, well, privacy becomes the norm and not a not a crime.
[01:33:08] Unknown:
Yeah. I mean, need to continue to maximize the ability to do peers to peers transactions freely, Freely as in freedom. And then, you know, we can oppose the regulators because we don't need to use services. We don't need to participate in k y KYC. I don't even need to consider sending coin coin join UTXOs to to the exchange because I don't use exchanges. And Right. Not going to be either.
[01:33:36] Unknown:
A lot of new coiners find it hard to believe, but I have literally never deposited any Bitcoin into any regulated service ever, period. And I have no intention to ever do that in the future. It's an exit. You have to exit the system. But do you agree here well, I guess, do you agree that there's, like, a sense of urgency here? Like, I feel like there's a sense of urgency. Like, we need Bitcoiners to be aware of this shit. They need to be aware of it yesterday, and they we need to increase adoption. I'm about to pull up a this is Kraken, you know, they have shitcoin issues, but, Jesse Powell, the Kraken founder, has been very outspoken about information collection and being against that and and pushing back against government overreach.
And in that regard, they're they lead the way with their information disclosures in terms of of how much information is asked, from them from governments. So I'm putting on the screen for the people who are watching live or watching the video version, This is their law enforcement request. It's a fucking issue, man. Like, this is crazy.
[01:34:49] Unknown:
Well,
[01:34:53] Unknown:
yeah, you shouldn't expose yourself to this. And, you know, raising awareness of it and explaining why it is important, I think, you know, I I I try to do, for example, like, regular tweets about what's the value in coin joints. You know? And I do believe that fungible coins are more valuable, the ones which are trace traceable and tied to an identity. And not because, you know, one you can sell and exchange another one not, but because the fungible ones you can spend as you like without exposing your history and exposing your your position and privacy.
[01:35:30] Unknown:
I I think I think Matt is is is coming back to to the same same similar topic all all the time, which is I think there is a there is a there is a conflict between some developers who who acknowledge that trusted third parties are security risk, and so we should stay as far away from them as possible and not do anything. But on the other hand, you know, celebrities are posting about Bitcoin. Elon Musk is is bringing up, bringing in a flood of new users. And and, you know, if you think about in it it that way then, sure, trusted third parties are security risk.
But how can you maximize the good that you can can do? And that would be like like trying to be a user friendly applications that well, at at first, make sure it's non custody. Hopefully, I I think that's that's a good line there. The other thing is try to improve your the privacy of your users. What else do we have? Oh, yeah. The people at the Lightning Network, they want to fix the scaling issue. And and the last last front here, which no one really talks about anymore, is that decentralized the miners, because we kinda lost that far at at this point.
So so so, yeah, there is a sense of urgency. Right? And and if we we consider that we don't don't touch any any any trusted third party, we don't consider them at all, then, you don't maximize the good that you can do in the world. However, just just just solely on the blacklisting list issue, I I I believe if we build stuff into our software that is that is considering the blacklisting, then that's the lowest level where we can be at staffing to and acknowledge the blacklisting issue, and and that's that's that's how you lose it.
[01:38:09] Unknown:
I mean, look, I a 100% agree. We've said this on the show a 1000000 times. Trust your parties are security holes. You wanna use trust minimized services as much as possible. Anyone who uses the word trustless is probably acting in bad faith because there's very few things in our life that actually have zero trust whatsoever. But there there is an interesting disconnect between, Bitcoin Twitter and the real world where we see the overwhelming majority of of privacy seeking Bitcoin users, especially before Wasabi existed, but even now, choose to go with custodial mixers, which have, you know, obviously, like, they've they've been accused of being honey pots in the past. You have to have complete trust in them, but they they a 100% break the the transaction graph. So I I would there there is there's a nuanced argument here, and and and Open Arms kinda said it on, on his own. Right? And someone said in the comments, I think it was I think it was Kiteminer said in the comments, Wallet of Satoshi, like, could custodial a custodial wallet, provides a a level of privacy that that that breaks that transaction graph, but then you have to trust that entity. Right?
[01:39:37] Unknown:
Yeah. You know, that's that's a huge mystery for me because you asked me what I learned. And one of the assumption that I had when launching wasabi is that, you know, it's it's it's just like custody on mixers. It's just does not need a third party trust, and it it and it's it's non custody. Yeah. And, you know, I thought that, well, I'm gonna launch for savvy, and everyone's gonna come right away and start using it. But that didn't happen. It took, like, a year to get a decent volume at wasabi, and and and the castor diar mixers are still the the the majority of the
[01:40:26] Unknown:
Like, it's not even close. Right? Users. They're they're having they have way, way, way more volume.
[01:40:33] Unknown:
Exact exactly. Actually, I I I did calculations. I I don't know if they are correct, but back then my calculations were that if we have 100 people in the coin join, then taking the cast of the almixer volume, we would be able to do a 100 people coin join in every 3 to 5 minutes. Well, we are not there.
[01:41:00] Unknown:
Open Arms, do you have an opinion on this disconnect? Like, I feel like there's, like, a massive disconnect between, like, the users and the the, you know, the so called Bitcoin fanatics like you call them.
[01:41:13] Unknown:
Yeah. I mean, I'm not sure how we can prove the the volume on on costidore mixers. I mean, wouldn't that be just, so called, like, wash wash mixing, so called? You know, you just,
[01:41:25] Unknown:
Yeah. I mean, there's the it's it's I mean, look, to if we're gonna be frank, we we can't we can't really definitively prove the the volume of any of these tools. We do. Because there there is an incentive that is is is built into these centralized, coordinated coin joints to inflate volumes, and and you you can absolutely, you you can you can absolutely, inflate volumes on join market as well. Right? But if you look at, like, Bitcoin talk signatures and stuff, Bitcoin talk conversations, dread, like you look at the forums, you look at, like, the dark net market forums and stuff, people don't realize like the 1st custodial mixer, the 1st really widespread used custodial mixer was Silk Road. Right?
You see the users talking about it. They're use they're people are using it.
[01:42:22] Unknown:
Yeah. Because it's easy. I mean, the other other thing is to is just how small, but incentive to participate. I mean, you know, I I I feel that with the Lightning Network as well as with joint markets that you can without giving up up custody of your funds, you can participate in something which you can think I think it is beneficial either like providing liquidity on the light network for routing and people to pastry or for coin join liquidity in in join market, and you can actually earn make some set of shoes out of it. It is a good feeling. And it also, you know, happens because you have these people who have this mindset that you your money should do something. Right? This comes from a fiat mindset of basically from an inflationary currency. But there are these things which you can do without giving up the custody and your security of your funds and even you can I mean, for both things, you get you get some usefulness out of it? If you have your funds on lightning, you have basically the most liquid way of having Bitcoin around in your custody. And in coin join, as even as a maker, as a liquidity provider, you are increasing the privacy of your of your funds.
[01:43:37] Unknown:
Well, so just to be clear here, so 61 2 asked me or asked all of us in the live chat, what is the incentive to inflate joint market volume? I didn't mean to really so the incentive for coordinated coin joins, like Wasabi and Samurai is to make it seem like there's more people using it, and then they those coordinators make more in fees. And in Wasabi, there's actually because the fees scale up with the the more the more inputs in a in a coin join, there's actually a reverse incentive where if if they were to increase the volume, they would make more in fees in addition to just making it perceived more common.
With join market, that's not the case because you don't have a centralized coordinator, you have this maker taker structure. What I meant to what what I meant is I didn't mean to imply that there's an incentive to to to in inflate joint market numbers. What I meant to say is is that the volume numbers should be treated as an upper bound, because you can a let's let's run through a hypothetical. A hypothetical being a major chain surveillance firm that is valued at $3,000,000,000 is is is providing maker maker liquidity on on join market to have a better insight on what's happening over there.
And they're also running a taker bot that runs through the maker to make it seem like more people are using join markets, so people feel more comfortable and come over there and end up using them as a maker. So there there it should it should always be treated as the upper bound. It should not be treated as a hard number. It should be treated as, okay, we know there's not more than this volume. There's there's there could be as much as this volume, but it's probably somewhere below that. Would you agree, both of you?
[01:45:33] Unknown:
Yeah. Yeah. Of course. It's just, you know, obviously, this entity would end up paying random makers, you know, money which is, I mean, you know, they they got the service because they paid for it. Obviously, this is not good. But then you would yeah. Also you don't need to be closed into one of the, you know, gardens of one solution to this. Not speaking of, like, one coin joint implementation and also not speak about one privacy technique. Right? You can combine nowadays. I think I do think there's a best is to coin join and go to lightning. And then when you go off go from go out from lightning because you close the channel with the balance, you go back to coinjoin. And then again, you only have to only open another channel when you have CoinJoin those funds. And, you know, it's just, you need to jump between these things.
No problem.
[01:46:34] Unknown:
Yeah. No one really talks about this. Do you agree with me that there's a broken incentive? Like, I I I I believe you guys are I I love your team. I don't think you're I would never call you a spook. I I I don't, I don't like that that these things always devolve into personal attacks. But do you agree with me that, like, that as as a coordinator in the Wasabi implementation, the coordinator is able to they they have a broken incentive where if they inflate the volume numbers, if they run their own funds through Wasabi, the the fees are increased?
[01:47:11] Unknown:
So I I actually would like to go even deeper into this this topic with you because because if so so so I was research I was trying to familiarize myself with your views. And and if I'm not mistaken, then this topic is your main criticism of Wasabi. Is is that correct?
[01:47:40] Unknown:
My main criticism is is that mixed with the fact that I think the user defaults, which we we touched on earlier, I think the user defaults are are are are not adequate. Like, I feel like when I onboard someone onto Wasabi, I have to tell them, like, a bunch of a bunch of best practices that they have to change after they get onboarded.
[01:48:04] Unknown:
Oh, alright. So let let let's let's stick with maybe this topic at first, and then we'll see where we are going from here. So, let let me see. Maybe I just I just bring up a few statistics that may be may be relevant later. No. I mean, before we get there, just, like, really quick, like
[01:48:26] Unknown:
like, Wasabi fees are based on the number of inputs in a in a round. Right? They scale up. If if I if it's a 100 person if it's a 100 UTXO round, it's more expensive for the user than if it's a a a a 25 person a 25 UTXO round. Right? Uh-huh. Exactly. And And the fees are paid to the Wasabi coordinator, which is the the coordinator itself. So, obviously, it's not providing civil resistance to the coordinator itself unless unless on chain fees are high. I'll give you that. But on chain fees have not been high in the past.
[01:49:01] Unknown:
Oh, okay. So that's that's where we are diverging. Okay. Because I agree with you that there is an economical incentive for the coordinator to do to to participate, but I do not agree with the implications there. But anyhow, be because because it's would you like to say something else?
[01:49:25] Unknown:
No. I'm not I'm I'm letting you speak. I I I just it's it's not that I'm not trying to accuse you of doing it. I'm just saying that, you know, that's what makes it trust minimized service rather than something that's trustless. I mean, you have to like, we're trusting that you're not sibling your own rounds.
[01:49:42] Unknown:
Uh-huh. Okay. So would you mind explaining what do you mean by CPL attack?
[01:49:53] Unknown:
I I mean, filling the rounds with your own UTXOs to increase the fees of of your own rounds. Right? Because because the the the historically, as a user of of Wasabi, I paid you a large amount in coinjoin fees, and those coinjoin fees are significantly higher than on chain fees I paid. It's it's not even close. Like, the like like, when the on chain fees flip the CoinJoin fees, then that's a a proper incentive, and I think that will happen in the future. It just has not happened yet.
[01:50:33] Unknown:
Alright. So the the intuition there is, if you think about it, let's say, 99 honest users and one coordinator peer. And and the question is, does it make sense to add the coordinator peer there? Do we do we get would we get more money out of the the coin joints than what we put in? Right? That's that's the question.
[01:51:00] Unknown:
Right.
[01:51:01] Unknown:
Yes. And and the answer is yes. We would get more money, out of the coin join if we would participate. Okay. So let's let's look at the lower end here, which is there is only one honest user. So would it make sense for us to to add the coordinator peer?
[01:51:26] Unknown:
What do you mean?
[01:51:28] Unknown:
I mean, if there is one honest user, does it make sense the coordinator to coin join with that honest user?
[01:51:37] Unknown:
Well, I mean I mean, that that that is User pays for it. Yeah. What was that, Openoms? The user pays for it. Of course, it would. Yeah. It would still it'd still be worth it. You'd still make money.
[01:51:49] Unknown:
The coordinator also pays network fees.
[01:51:53] Unknown:
Right. If if if network fees go up if network fees go up, which they have been recently, then then all of a sudden the incentive starts working itself out. But historically and also the other thing is if rounds are routinely full, if they're hitting the 100100 UTXO cap, you're leaving fees on the table if you try and come in, but both of those things haven't been the case. The other thing is this is not just Wasabi this is not just your coordinator. There there are other coordinators that you can use with Wasabi. All those coordinators have the broken incentive to inflate their own volume.
[01:52:36] Unknown:
Oh, okay. I I just want to to go exactly precisely into what the incentive what is it incentivizing for because, you know, it's it's not that hard. And and if you think about it, not think about it, average network fees per user in Vasavi coin joins in the last month was $2, and the coordinator fee, per participant, per anonymity set is $0.16. So what we can get out of this is that 99 honest peers all pay $0.16 for 1 more coordinator peer. Right?
[01:53:25] Unknown:
You're implying that the network fee is more expensive than the coin joint fee.
[01:53:31] Unknown:
Oh, I'm I'm no. No. No. I'm I'm implying exactly what are the network fees here and what are the coin join fees.
[01:53:38] Unknown:
The when when if the user uses Wasabi, the coin joint fee is the significant expense. Is that the the the fee I pay you is significantly more expensive than the fee I pay the Bitcoin miners. Right?
[01:53:52] Unknown:
I'm not sure that's the case, but I don't think that's relevant.
[01:53:57] Unknown:
That is the crux of the that's the crux of the incentive issue. Look. I I and I I wanna be absolutely clear here. Any centralized coordinated coin joint in my mind does not provide civil resistance against the coordinator. If the coordinator wants to attack you, the coordinator can do so at minimal cost because they don't have to pay the CoinJoin fee regardless. My issue is that in the way Wasabi is implemented currently, the there is actually even worse than that because there's a direct financial incentive for the coordinator to increase the for the coordinator to push their own volume through the system.
[01:54:40] Unknown:
Yeah. Yes. Exactly. It's just it's just not not not a silly incentive, but, you know, because do you do you understand why it doesn't make sense for the coordinator to participate if only 1 user there one honest user there is because the coordinator piece pays more network fees than the than how much the user would pay for coordinator fees.
[01:55:13] Unknown:
I don't think that's the case. I think I think the coordinator fees outpace the network fees currently. No. No. I I I see what you mean, but, you know, this is an extreme extreme
[01:55:23] Unknown:
example of having just one honest user but let's say we have 50 honest users and you have 50 from the coordinator then, you know, you would increase the reward with 50 times. Right? Significantly.
[01:55:37] Unknown:
Even if you weren't trying to deanonymize them, you're just trying to make money. You're just trying to print money.
[01:55:42] Unknown:
Exactly. That's where I'm going with it. Right? Like, first, we guide some in the 99 honest peers plus one coordinator peer, and one more coordinator peer would add $0.16 gets $0.16 from every Anna's peer. So that's 99 times 0.16. Okay. And and on the other end, when there is only 1 honest user, then we also established it doesn't make sense, the coordinator, to join in. So somewhere in between, it makes sense. Can can you guys follow? Yeah.
[01:56:31] Unknown:
Look. My my point is is I I think I think as on chain fees increase, that provides a natural civil defense to the centralized coordinators. It just has not been the case so far. I think a fixed fee to enter a CoinJoin liquidity pool is as a a way better incentive in this scenario, because increasing volume doesn't get you more in fees, period. I I I I think as a Wasabi user who paid significant amount of Sats to you guys, like, I I I don't even want to go back and count how much Bitcoin I paid you guys. Like, I paid you guys a lot of fucking Bitcoin to provide me privacy improvement.
That was based on a perceived an onset. Okay? It was based on how many people were in my round. And all of a sudden, there's this incentive that's been there from the beginning that the coordinator can be adding to that perceived onset when it's really not I'm not actually getting any privacy gain from that, but I'm paying for it. And then on top of that, the average user, because of the way the defaults are set up, are going, and they're they're they're ruining their forward privacy, which ruins my Anans set going forward. Right? So if I if, let's say, I have 30 Honest Peers, and those 30 Honest Peers, you know, 15 of them send their funds into BlockFi, and, you know, 5 of them send it to OpenOM's mom and then, like, 2 send it to someone else. Like, all of a sudden, my Ananset is, like, 3, and I don't even fucking know. I have no fucking idea. It degrades rapidly, and I'm paying a premium for it.
Do you does does that issue not make sense?
[01:58:33] Unknown:
I'm I'm I'm not sure I'm following.
[01:58:38] Unknown:
So so to be a little bit more productive, Wasabi 2.0, is coming out hopefully in the next, like, 6 months, right, or 8 months? When do when do we expect Wasabi 2 point o? It doesn't matter. Wasabi 2 point o is coming as soon as possible. With Wasabi 2 point o, I'm gonna try and do a a high level description. Tell me if I'm wrong. Users come in. They go and they they they basically exchange their Bitcoin for, like, a a momentary token that is managed by the coordinator blind blindly, and then they can apply that token to future transactions. Right?
Is that a good high level description of a Savvy 2 point o? What?
[01:59:27] Unknown:
So so this happens I I'm I'm sorry. There are just a lot of topics glossing over and but but but, it happens within a coin join. I'm I'm not sure that's what you meant. Not future transactions, but this happens within 1 coin join.
[01:59:48] Unknown:
Was so so so what I'm trying to ask is is how's what is the fee structure in Wasabi 2 point o? Is is it is it will the Wasabi is the Wasabi fee structure the same as Wasabi 1 point o, or is it is it is it is it a fixed fee? What what is is it changed at all?
[02:00:07] Unknown:
So it has to be changed because the system is completely different. Also, because of the fee incentive we did not succeed to to go too much into. And, also, because we would like to to create to to to enable sharing the revenue with other services who are building on top of the WhatsApp, daemon. And, unfortunately, I can't say how exactly these fees will be because I'm not 100% convinced that there is a anonymous way to share revenue. And if if so so that that that's very important in terms of how how the fees would be would be would be there. Right? So so it's not figured out at this point, but definitely has to change for multiple reasons.
[02:01:13] Unknown:
Okay. Do you can you give us, like, a high level, you know, high level kind of description of of the goal of Wasabi 2 point o? Like, how like, how it works. So high level kind of, explain it like we're a Bitcoin fanatic. You know, not I don't I don't have to be 5 years old. I just need to have, like, a high level kind of discussion here.
[02:01:36] Unknown:
Sure. So it's going to work like a normal Bitcoin wallet, except that when you are sending transactions, you are always sending mixed coins, except when you did not have the time to mix them. And it should it does not ask you to manually mix, but the the privacy things are happening all in the background. So so, basically, a normal Bitcoin wallet with with a couple of tweaks regarding the how we we were able to replace coin control, but not exactly the same way as other wallets are doing it. But, but, yeah, for example, the cluster selection or the the the change avoidance, but but, like, a normal Bitcoin wallet, it's privacy by default. Right?
[02:02:39] Unknown:
Yeah. I mean, so, like, my my, like, kind of understanding of it is, like, almost like you you you, like, you you get a share of whatever the round is, and then you can apply that share outside. You you can you can apply that share however you want. So you can come out with different you can come in with different amounts, and you can come out with different amounts than having, like, equal output coin joints. Is that correct?
[02:03:09] Unknown:
Alright. So so the amount organization is also something we did not fully fleshed out, but we fleshed out in a way that I'm comfortable with to a point that I'm comfortable with it even if it would be it would be rolled out as it is as far as we figured out, but others want to do some other stuff. Never mind. But how this works is that you come in with arbitrary input amounts, And you can come with multiple input inputs or only one input, doesn't matter, and and you can break them in any way, shape, or form except for privacy.
You don't break them in any way, shape, or form. But what we found is the most blockchain efficient solution that we we came up with is is that every user looks at every other user's inputs. And based on those inputs, they randomly generate a bunch of solutions with a bunch of, denomination systems, like powers of 2, powers of 3, preferred value series. But they are generating randomly a bunch of solution, and one of the solution will be submitted, to to have their outputs. And this resulted in pretty good anonymity sets, like, around it's variable. So so so sometimes it's 2, sometimes it's 20.
It depends. But we don't really have changes anymore, and we are able to mix all the all the inputs in in one go, and and there is no minimum denomination. So it's it's it's actually pretty cool, and we worked very hard on that for one and a half year. So so, yeah, it's like I think this is how far coin joins can can potentially go if you don't consider all these kind of crazy things like coin joins, coin swaps and coin joins, or lightning channel openings and coin joins because those obviously complexify many things. But as as far as on chain mixing, with a couple of outputs, No changes generated arbitrary inputs.
[02:05:58] Unknown:
That's that's what what some of the tool can do right now. What what do we have to what kind of and, Obenom, just feel free to jump in here. What what kind of what kind of, trust model is this? Like, do do we what do we what are we trusting the coordinator with? Is it is it almost like a little bit custodial while you're in that process where the the those the Wasabi core Wasabi 2 point o coordinator can can take money?
[02:06:24] Unknown:
No. No. You're you're not testing at all, the coordinator.
[02:06:30] Unknown:
We're just matching all the all the UTXs in the wallets and trying to find with an algorithm which would be the best kind of denominations to put in in the coin joints. Right?
[02:06:41] Unknown:
Yeah. Yeah. Exactly. Based on other users' inputs, you're guessing. So you don't know exactly how much anonymity you will get out, but chances are you will get out. You there will be other users guessing similar ways than you based on your inputs and other user inputs. So so yeah.
[02:07:01] Unknown:
Do you do you do you think that is there any trust required in the coordinator in Wasabi 1 point o?
[02:07:12] Unknown:
There are some some minima trust issues when we are adding, like, 2 inputs to to a mix from the same user, then then there is trust required. It obviously doesn't happen normally, but in edge cases, it it does.
[02:07:33] Unknown:
No. Not not really anything else I can I can come up with? Well, I would say the big one is exactly what I said earlier. Right? Is that and you have no Sybil resistance from the coordinator. Do we not agree on this?
[02:07:46] Unknown:
I I mean, yeah. Sure. We can we can go to the go deep with this because I I did some calculations. And if if if you would like, then I I can tell you exactly that what it is incentivizing at.
[02:08:04] Unknown:
Sure. Let's let's dive in.
[02:08:08] Unknown:
My my previous example was was okay. By the way, that 99 peers, it makes sense to add 1 coordinator peer. One peer, it it doesn't make sense to add 1 coordinator peer because coordinator piece more network fees.
[02:08:24] Unknown:
It it makes sense. Right. But in practice, that's not the case. Right? In practice, you'll have, like, 40 honest maybe. Maybe you'll have, like, 10 or 15 coming from, you know, a single entity, and then you also have so do what what about what about remixing? Do we think that that that users should remix? Should they do one round? Is one round alright?
[02:08:51] Unknown:
Is this connected to the previous conversations?
[02:08:55] Unknown:
No. Not real I mean, it's connected in that, I think, Wasabi anonymity sets are overstated. You overpay for them based on the anonymity set, and then they degrade rapidly. So I think that all users should remix. Do we are we all on on the same page on this? Or
[02:09:15] Unknown:
I'm I'm I'm not sure. I mean, depends on the users. Right?
[02:09:20] Unknown:
My I guess the issue that I'm coming from is that I feel like the default of 51 for the Anans set has always been way under state, like, it's just dangerous default, like, people should default to at least at least 2 mixes. At least at least at least a couple people should be remix and, like, at least some people in the the fucking round should be remixing, if not everybody. Right?
[02:09:48] Unknown:
Yeah. I mean, 25% is remixing. Right?
[02:09:52] Unknown:
But then why is the default 51 if that's just one round? And most most times, it's just a single round, 51.
[02:10:03] Unknown:
Oh, because it's expensive. Right?
[02:10:07] Unknown:
So we should have so does Wasabi 2.0 incentivize remixing? Does it make it so that a user doesn't have to pay more money to to have remixes?
[02:10:20] Unknown:
I mean, you're paying the network fees which are not insignificant.
[02:10:25] Unknown:
Right. That's unavoidable, but I'm talking about on the coin joint fee structure.
[02:10:37] Unknown:
Should we change okay. Are we not incentivizing remixing right now? I
[02:10:44] Unknown:
I don't think so because the default is 51, which is usually just a single round, and you have to pay significantly more to continue to to continue to remix. Right? You just said it yourself. You said it's more expensive to remix.
[02:11:02] Unknown:
If you put in let let's say let's let's keep it simple. 0.1 Bitcoin. And when you're remixing that 0.1 Bitcoin, then then you don't pay the whole coordinator fees. You only pay as much as you have, which is a few Satoshis left. In this case, you get the perfect mix.
[02:11:26] Unknown:
But then if that's the case, then why are we why why is the default in Wasabi 51 instead of, you know, a couple mixes? Like, at least 1 o so, like, we're we're if if I go back to what I said earlier, it's like when I'm trying to onboard people, and I'm talking about Wasabi, I'm, like, okay. So then after you install it, like, go into settings, switch it to at least 101 so that that you know you're guaranteed at least one remix. Do you agree that that's best practice?
[02:11:54] Unknown:
I mean, it depends on who. Right? I would not keep remixing
[02:12:00] Unknown:
forever. That's for sure. I'm not saying forever. I'm saying at least once.
[02:12:07] Unknown:
I I think I would be okay with the single mix, for example. But, you know, like, you're you're remixing, right, like, the the 50 unlimited set is not reached for all your coins. It's only reached for 0.1 Bitcoin, and the rest you are you are still remixing. And if you start with 0.8, then you will have a couple of anonymity set on 0 point on a 0.2 coin and on a 0 point 4 coin. Right? So when you are putting that into the mix because that does not reach the 50 anonymity set in the first round, then, you are remixing.
[02:12:52] Unknown:
But yeah. I do you think can I have a question? Do do do you, from my understanding, multiple mixes on the same output, not talking about the other bigger remaining output, is more efficient in terms of gaining anonymity than adding peers to one mix. So what I'm trying to say is that mixing twice with 50 peers is reaching more than once with a 100 peers.
[02:13:40] Unknown:
I agree with that. And, Upar, do you agree with that?
[02:13:45] Unknown:
So that's a that's a good question. I I I actually, I had some calculation. Let me see if I can remember that. So so so the question is basically similar to 1010 people coin join versus 100 people coin join. Right?
[02:14:13] Unknown:
That's Yeah. That that's a mathematical example. Exactly. Yes. Yes. I I don't I don't think it's simply additive. I mean, it's not completely exponential either, but it's somewhere in between. So Yeah. Multiple rounds are better than one big one, my in my opinion.
[02:14:31] Unknown:
Yeah. Yeah. So so so my my point is that you can mathematically tell which is better, which is you're calculating the the equal I'm I'm not sure. Right? But, well, I definitely had the calculations, a few half a month ago or something like that for that. Yeah. Sorry.
[02:14:55] Unknown:
And and you also presume then if you are remixing, then others too who you have been your peers. So, you know, the onset does kind of branch out like that as well.
[02:15:10] Unknown:
I I mean, you're presuming with the it it doesn't it it doesn't matter for for 10:10 people coinjoin versus 100 people coinjoin. Others are branching out from that anyway.
[02:15:31] Unknown:
I mean, it's it's not the case if everyone is just doing 1.
[02:15:37] Unknown:
Oh, yeah. But not everyone is doing 1. Right? That's 25% of the mixes are remixes. So 25% is not doing that. They are remixing. These are not remixes of the changes of the non mixed, coins. These are remixes of the mixed coins.
[02:16:02] Unknown:
Yeah. I mean, I I yeah. I I understand that, but, you know, they are paying for it, and they are not, you know, the system is not set up a way that which would make them to do this. I mean, they have the personal choices or they have, like, a higher target because they listen to Matt to put it to 101 or, you know, or they just feel more comfortable with more mixes. That's what it happens. It's it's not doesn't happen automatically. Right? If I for example, if I if I put my coins in in in join market, right, if I'm a taker, I'm having a low time preference and I do the mix days or or or running a tumbler with multiple multiple mix days in including transactions which are not creating state change.
And then either because I've I'm in rush, I need to spend somewhere or I leave my coins in there and continue as a maker and alternate these rules. And as a maker, I'm not paying anything, but still improving the anonymity set of my coins. Right? So how is that that is just so much better to me that I wouldn't even think of not using the chance of free remixing. And to be honest, this is the same with if you are entered and do pay pay the fees to enter. You will just leave it as long as your, you know, time allows or you are comfortable with having your funds in.
[02:17:30] Unknown:
So when you say it's not incentivized, do you mean the default is different or there is no financial incentive?
[02:17:41] Unknown:
There is a counter incentive incentive. Right? Because you need to pay for it to continue. So, you know, it's cheaper for you to not continue.
[02:17:51] Unknown:
It's cheaper than mixing non mixed coins. Do do you see how? I see that. Yeah.
[02:18:02] Unknown:
But that doesn't I mean, yeah. Yeah. That's that I understand that it's true, but also, I want to mix my non mixed coins more than the mixed ones. So, I mean, you know, that doesn't matter really. This is about if I want to increase the anonymity set or the, kind of darkness or, like, modeled around my coins more.
[02:18:29] Unknown:
And I do You you want to what do you want to incentivize? Mixing non mixed coins or mixing mixed coins?
[02:18:38] Unknown:
No. It's clear that mixing non mixed coins, it does cost a fee. But then you you see that's how the other implementations are set up in a way that you can continue mixing without paying. So you would do it.
[02:18:59] Unknown:
Okay. Yes. Yeah. I I I I I see that. Definitely. So you can continue mixing without paying while other people are paying for it. Right? Yeah. So I I think it's it's not a good idea to to not let to to not do the people to to not make the people pay the network fees for various reasons. On the other hand so if the suggestion is, should the coordinator somehow prefer or not ask anything from remixers, then I think that's a that's a good suggestion. Sure. If if that's what you guys mean.
[02:20:01] Unknown:
Yeah. That would be because that's that that is a benefit from both to it's it's beneficial to participate, to remix for both the ones who are remixing and and also the new entrants. Right? Because they have a higher anonymity set. So it would make sense to pay for it as a new entrant. And that payment can incentivize the people who are just there for the privacy. And now the question is if they take their coins out or stop the the wallet or, just hang hang around a bit longer to gain more privacy.
[02:20:44] Unknown:
Sure. But, you know, someone has to pay the network fees, and I don't think it should be I think whoever uses the block space should pay the network fees, which is the long term bottleneck.
[02:21:03] Unknown:
Right? I I think what Open Arms is trying to get to and is is is what I'm trying to get to is that do we not agree that these tools should encourage remixing based on their structure and their defaults?
[02:21:22] Unknown:
I'm not sure about it. I I think it's very expensive to remix. I think the people who would like to remix a lot have a very specific reason to do that. So what should be the default? This should be the default to to normal users. Right?
[02:21:49] Unknown:
If if I used, which I did, if I used Wasabi in 2019 and I used the default and I got a 51 in onset, Right? And it stopped automatically based on the default because I didn't change anything. I just trusted the default. Got my nice 51. I got my badge. Got the green check on it, and it just sit there. It just it's it's sat in my Wasabi Wallet. I haven't moved it. What do we think the Anand set is today? Significantly less than 51. Do we agree?
[02:22:20] Unknown:
No. Yes. No. Okay. So it is less because other people are doing things that makes your UTX more likely to coming from the source where you put it in from. Right?
[02:22:45] Unknown:
Yeah. Yeah. It's an elimination process. So as people are coming out as or a doxing, going to KVIC services, they do identify themselves. So so if there are 50 people and 49 have identified themselves, then, you know, you know who is the 5th thesis.
[02:23:02] Unknown:
Okay. So but on the other hand, and I think you guys talk about this a or you met talk about this a lot, Other people are remixing the coins. Those are exactly equal outputs to your coin. And those can go to many different places too. Right? And those can be remixed too, and those can go to many different places. Now I don't think this is a good argument there. But if you look at the the the academic terminology for anonymity set, then the anonymity set is would be huge, like 1,000 or I don't know how much, but huge because exact same coins that could be yours go to other places in the coin join.
Now this this is where where where we should bring in probabilities, right, that it's unlikely. But, if if you take the anonymity set from an academic point of view, then it can be a lot more because of future mixes.
[02:24:24] Unknown:
I mean, I I I agree that remixing helps. We just lost Open Arms. Hopefully, he'll join back in. I I agree that remixing helps. I just I just I wish it was incentivized, rather than discouraged, so that that that would be more likely to be the case rather than having to just hope hope that people do it. I I just wanna be absolutely clear here, that I appreciate all the work you put in to this very important topic as, as as the one of the I mean, it's a topic that I've dedicated a a significant portion of my life to. So I I do absolutely appreciate, all the work you and the rest of the Wasabi devs have done.
My goal ultimately is I just want these tools to be better. I I think they're they're not perfect. I don't think this should be a controversial thing, that they're not perfect.
[02:25:29] Unknown:
Yeah. That's definitely you know, like, when I when I wanted to go into the details of the coordinator, fee, economic incentives to part of participation. I I didn't try to trap you. Right? Like, it's a nuance topic, and and, you know, I I didn't think that much of it previously. But now that that that, this this debate was coming up, I actually sit down and did the calculations, and I got results. And and I I I don't know. I mean yeah. So I I wasn't trying to trap you there.
[02:26:20] Unknown:
Oh, we lost Open Arms again. He's back. I I so I Open Arms, you everything alright over there?
[02:26:30] Unknown:
No. I I needed to switch to mobile. That's my, ISP
[02:26:35] Unknown:
has got me off, it seems. There we go. They're trying to stop this very important conversation. Awesome. You know, pump pump pump would do something like a ridiculous tweet. Oh, they're trying to they're trying to censor Citadel Dispatch. Please like and subscribe. Yeah. I I I look, I look forward to Wasabi 2 point o. I I I hope that there's there's an incentive to remix there. I hope that users are encouraged to do it based on the the the implementation and the defaults. But, yeah, I I I don't know. I I don't I'm trying to keep this conversation as actionable possible, and I feel like maybe we've hit, like, kind of a wall here.
I do appreciate the insight. I I guess I don't know. Should we should we move on to to another topic, or what are you guys thinking here?
[02:27:43] Unknown:
So so I I think I just I just don't guide you through of my calculations, but maybe I I it's it's important that to say to just just to say my conclusions because is it is there a fee incentive for the Wasabi coordinator to participate? Yes. And it is definitely a problem. However, I don't think this leads to severe risk. And yeah. Never mind. And I think I could even prove that there is no such civil attack on on Wasabi. And, you know, maybe maybe maybe the most important thing is that why so if there is this fee incentive, why aren't we changing it? Maybe that's that's what you are more most curious about.
It's that, you know, how the fees are being, collected and paid out is the most most fundamental business agreement that we have with our users and, you know, unilaterally changing it without without very, very good reason, like like for Sabi 2.2. I I think it's it it would not be a good idea because, like, that's what that's that's our most fundamental agreement with our users. And, and that's opens up a lot of problems. You know?
[02:29:19] Unknown:
Has the Wasabi team ever participated in their own Wasabi rounds?
[02:29:25] Unknown:
We are mixing every every well, Evan, we are we are mixing the incomes. Yes.
[02:29:32] Unknown:
So you're you're mixing the fee revenue?
[02:29:36] Unknown:
Yes. Yes.
[02:29:40] Unknown:
And that increases the user's fees every time you do that. Right?
[02:29:47] Unknown:
Well, not significantly. Right? $0.16 per peer, and we are able to participate in, I don't know, 5% of the mixes. We we are not. This is you know, we are a participant in the mix. It's it's not a coordinator civil attack, one jumping in with a single user for 5% of the mixes. Right? Do do you do you do you agree with that, or or do you think we should not use the
[02:30:30] Unknown:
the Wasabi service at all? I'm just trying to make a point, specifically. But, I mean, I I don't think the word Sybil implies a motive. Like, I don't think, I I think you could be a good actor and still be sibling. Do we agree on that? Like, a civil attack a a a a civil is a very is a is a very objective term. Right? It's just, you're participating in in something, and you're reducing the an onset because you know your own participation. Right?
[02:31:01] Unknown:
It implies that it's an auto co nonlinearity set in in in the context of coin joins. Right? It implies that it's an attack on privacy. Sorry. Not anonymity set. I don't know why I said that. It's not a concurrency. That that would be severe.
[02:31:19] Unknown:
But you could be you could be a good actor and you could be inadvertently sibling. Do we not like, like, is this not a thing? Like, if if if I'm running 5 clients, but I have no intention of deanonymizing people, I'm still, like, 5 concurrent clients, and I'm joining a a a round under the auspices that is 5 separate people, but it's really just me. That's a civil regardless of the fact that I'm trying to deanonymize people. Right?
[02:31:49] Unknown:
You could say that it's a civil, but the the consequences are not that anyone's privacy would meaningfully be hurt by that. So so if you want to do a real civil attack, right, that's 10,000 fresh Bitcoin monthly. You would have to have that much money for Ria Sibilata. Assuming Ria Sibilata already happening, then you are you have you are bringing in 9,000 Fresh Bitcoins monthly, assuming that it's already happening and de anonymizing users, unless you are remixing all the time. Right? Because if you're remixing all the time, then you don't have to bring 10,000 Fresh Bitcoins monthly. It's okay to look at them the daily volume, which is which is 300 Bitcoins. So from 300 Bitcoin, you can civil Wasabi if you are the kind of the only one who is so but the problem there is that then you should see very high remixed numbers, like 95% or something crazy like that, but you do not.
So the the thing here is that the civil attack is actually noticeable
[02:33:24] Unknown:
unless the user quoting you keep quoting this 25% number. That 25% remix number is what a a a civil attack would look like. Right?
[02:33:35] Unknown:
So if if less people are remixing, then, sorry, if the the remix number is not very close to a 100%, then you must match the the fresh Bitcoins coming to the mix in order to make it look like, you know, no one is no one is is is is doing anything. So unless unless someone has, well, 10,000 Bitcoin new Bitcoins monthly, so that's a 100,000 yearly, then there is no remix except if the remix numbers are sorry. Then there is no c b l, except if the remix numbers are high. Because in that case, the daily volume would be enough because the confirmation target is about a day. So that's you can't use the coins.
[02:34:35] Unknown:
The main reason the main reason the coin join fee exists, not the network fee, the coin joint fee exists, is for Sybil resistance. Correct?
[02:34:46] Unknown:
No. No. No. No. That that's that's for business purposes. Right? The CB resistance is, hopefully coming from the network fees and the the initial requirements.
[02:34:58] Unknown:
So you think a coordinated coin joint implementation that has no coin joint fee, period, is sybil resistant?
[02:35:07] Unknown:
I think the doing civils on on coin joints without coordinator fees are still very expensive.
[02:35:23] Unknown:
I mean, I think it will be in the future, but they they haven't really been historically. But I I I I think I think I think developers of CoinJoin implementations should try and make it so a a bad actor has to pay a a bad actor who's attempting to sybil has to pay more money than a good actor, an honest actor that is just attempting to gain privacy. Do we agree on this?
[02:35:53] Unknown:
How do you know who is bad actor and who is honest actor?
[02:35:57] Unknown:
I I think you can set up an implementation so that if if, if you're attempting to sybil, it costs you more money. If if let let's say, hypothetically, it was possible. Would you agree that that is a better situation to be in?
[02:36:17] Unknown:
So, I'm I'm sorry, but the point of Sibyl Attack is that make yourself look alike than other honest peers. So that's that's like there is a cognitive dissonance there. Right? Because if you can differentiate between civil and non civil, then then then then you know that there is a single attack.
[02:36:41] Unknown:
You know what I mean? Or am I Well, what what if you what if you made it what if you made it so if a user who joined a coin join round, with multiple UTXOs, that were randomly selected to join fall a subsequent route paid a smaller fee than someone who joined with concurrent implement you know, instances. They're running a bunch of instances at the same time, and and they're they're practicing Sybil type behavior rather than a user who's who's, you know, adding their a a majority of their UTXOs at the same time. Is that a better situation to be in?
[02:37:22] Unknown:
So sorry. Let me repeat that. So a user who so so you could look at the what kind of UTXOs are coming in in in the mixes and you know that a user who is joining with multiple UTXOs.
[02:37:43] Unknown:
Yeah. I'm sorry. I'm I'm lost. So a civil attack a civil attack is when an attacker comes in and tries to be the majority of the participants. Right? And then tries to use tries to use, process of elimination to hurt the hurt the privacy of the other participants. Right? So if, let's say, at an extreme level, a Sybil attacker comes in and they're 95 of the 100 inputs, they can use that private knowledge that they're the 95 inputs to try and ruin the privacy of the remaining 5. It would be hooved to me, it makes sense that someone that that if you're working on trying to create a a coin joint tool, you should try and make that that scenario more expensive than a scenario where the average user is coming in and they just want privacy and they just wanna be one input.
Right? Like like, that should be the way these systems are set up. It's the number one attack that's used. Right?
[02:38:46] Unknown:
Okay. So if I have a 100 Bitcoin, then what prevents me from breaking it down to to small amounts?
[02:38:59] Unknown:
That's the point though. My point is is in Wasabi, nothing. With with Wasabi, if I'm running if I'm running a 100 instances that are mixing with each other, I pay the same fee as if I'm running one instance and just running my coins through it. It's the same exact fee except for network fees, which I do agree add extra Sybil resistance when fees go up, but fees have barely gone up.
[02:39:30] Unknown:
Well, you are paying coordinator fees after yourself too, like, after your peers. So but but yeah. Yeah. Sorry. Yeah. But Stowe is the honest user. The same. Yeah.
[02:39:42] Unknown:
Open arms. What's up over there?
[02:39:47] Unknown:
Yeah. I I I don't feel that comfortable paying by participants in in this setup, but, you know, I don't know if we can solve the, you know yeah. You cannot guarantee the new entrants. Right? I mean that that is that is the the question because as 6102 have, pointed it out, if we let people remix free then and that's what Nupa is saying as well, then the possible simple attack will become much more cheap. Right? So unless you would have a guarantee in every round that the new participants need to be a set percentage, and then the remix participants are chosen randomly.
But, you know, that's would be pretty much applying another implementation to a service. So that's not the solution, I guess.
[02:40:52] Unknown:
So what you may be able to do is to to the if the coordinator has the whole blockchain and can work on that properly, then you should be able to make sure that the thing the inputs that you accept into the coin joints are as disjointed on chain as possible. But, yeah, I mean, you do some some centralized mixing, and that will break it. I I maybe not. I I I I don't I I don't know. Maybe I'm just going off tangent here. But but but, I mean, it it doesn't really matter that much because sibling is expensive even in in non even in in scenarios when when no one is trying to to prevent them, the volume is the main obstacle there that you have to match the the honest users' bitcoins with yours, and that's how you can can get the, you know, the anonymize them. If you can't match the honest users' Bitcoins, then I don't know. It's it's got messy.
[02:42:24] Unknown:
I mean, except for the coordinator.
[02:42:28] Unknown:
Well, the coordinator has to match the honest users because coordinator is getting paid for money. But but it has to have that much money to to match the okay. Assume assume the coordinator is bringing in $10,000 sorry. 10,000 Bitcoin monthly, then then does it really make sense to to mess around with with a with a few dollars of fees and the like like, executing this attack if the coordinator has 100 of thousands of times more money already, then why would he want to do this attack? Right?
[02:43:21] Unknown:
I look, I I I just I just once again, I just want to reset a little bit and just, you know, I I appreciate you coming on the show. I look I I look at this as more than just a podcast. Like, I think this is, like, kind of we're all trying to just learn together. You know, I almost think of it as, like, a global classroom. So I I appreciate you coming on, just talking through all this shit with us. I appreciate Open Arms coming on, obviously, as well. I I think it's an important discussion that should just continue to be had. Like, I I want these discussions to be had publicly. But I do kind of feel, there's a disconnect. I I don't know. We're, like, miss like like, we we were just not, like, there's no breakthrough here.
It's just frustrating. I I I just I just wanted to be absolutely clear that I think every person I I I think the 3 of us are acting in good faith. Like, I don't think that we're acting in bad faith here, but there's a massive disconnect.
[02:44:36] Unknown:
May I share with you my calculations
[02:44:39] Unknown:
finally? Do it. Share the calculations.
[02:44:43] Unknown:
You know why I was bringing in that only one coordinator peer and examining the 99 and versus the the one honest user case is that the the idea here is that somewhere in the middle, it starts to make sense for the coordinator to jump in with another peer. And that's somewhere in the middle. It's actually 13 peer, with with the average network fee of $2 of participant and the coordinator fee getting per participant, 0.16. So that's at certain peer, it starts to make sense to to come in with one other peer. And, you know, like you guys pointed out that, that one other peer is is still still not a not a real life example. Like, what happens if the coordinator is coming with multiple peers?
And then we can we can look at this equation in in a way that if we have x honest users and 100 minus x coordinator users, coordinator peers, then this becomes a maximization problem because you can you can run this maximization where the coordinator gets the most money, and that actually at if x equals 56 honest users and 44 coordinator peers. And that's where the coordinator can get the the most money out of the system based on this this incentive. But,
[02:46:37] Unknown:
So the incentive is broken?
[02:46:39] Unknown:
And and this is already on a high chain fee. Right? So if the chain fee is lower, then it's cheaper to SIBO.
[02:46:47] Unknown:
Exactly. This is with the last month of reaches.
[02:46:51] Unknown:
Right. So previously, it was all one separate bite.
[02:46:57] Unknown:
Yeah. Yeah. Yeah.
[02:47:03] Unknown:
Okay. Well, I mean, that sounds to me like we agree. Do we did did I was not doing the comma, dear. This is I look. Guys, I really appreciate both both of you, coming on the show. I kinda we've been going for almost 3 hours now, which is usually where I try and cut these things. It's been good. This has been a good discussion. This might be the best Citadel dispatch, we've had so far, And it's going out to all the citadels, which is great. This very important topic. Open Arms, before we close, I just look, you've been super dedicated to join market. I feel like you should give the freaks you should give the freaks your pitch. Like, why should people use join inbox, use Raspberry Blitz maybe with join inbox, or just join inbox by itself, or just join market? Like, why should people use that instead of of these other options?
[02:48:12] Unknown:
So, I mean, the implementation is just joining box is just a wrap around join markets. So it's basically we are speaking about using the same thing, one being easier having this type of interface where you can use it on the desktop with your with the graphical interface. It's certainly better to use it on a dedicated box if you want to use as a maker, which is the biggest kind of feature of joint market as I feel. Being incentivized to provide liquidity and, you know, mix your coins freely. I think if you have if you're not in a rush, you can if you just, if you're comfortable holding in a hot wallet, I think it's joint market is a very good place to park the coins basically while they are getting mixed and you are generating some minimal income as well.
[02:49:13] Unknown:
The income is bullshit, though. Right?
[02:49:15] Unknown:
Well, it's yeah. Put the rate. Point 1 to 1 percent of the deposited money, which is I mean, you know, it's it's it depends what what your expectations are. Right? It doesn't match with BlockFi. Right? Only after how much? 2.5 Bitcoin? BlockFi. No one should use BlockFi.
[02:49:33] Unknown:
There you go. I as far as I'm concerned, the base yield of Bitcoin the base yield of the world now is just holding Bitcoin. It's an asset that's designed to pump forever. This is there's risk free rate concept that the traditional finance people want to show you, is bullshit. The risk free rate of the world now is holding Bitcoin. Just say humble in StackSets. So so no power. First of all, open arms. That was a great, I appreciate that. I I just wanna say, like, I really like, join inbox is the best way to use join market, whether you use that on Raspberry Pi Bullets or you use as a separate image. I appreciate all the work you're doing on that front. I think it's it's very important work, and I I really do appreciate it. And I appreciate you coming on the second time, and I expect you to come on dispatch many more times in the future.
The this show is also a 61 02 Bitcoin show. He's a cohost, and Nopara, he would be very upset with me, if we didn't talk about systemic systemic address reuse. This idea that there is participants in wasabi mixes, that keep reusing the same address. So they're counted in the Anonset, calculation. The fees are paid out based on them being a an additional privacy benefit. But, clearly, if they're just reusing the same addresses over and over again, they're not a privacy benefit. Do you agree that a coordinator should just stop that from happening? Like, why why would a coordinator allow that address reuse over and over again? Like, the coordinator can see it happening. They should just Wasabi already bans.
Wasabi always already has a blacklist if you're attempted to if you're doing bad things, like I or or thought to be doing bad things. I've been blacklisted on the Wasabi coordinator because of tour issues in the past. So why why isn't the systemic symmetric address reuse, being blocked, and should it be blocked going forward?
[02:51:37] Unknown:
There is no way to tell if it's a donation or or or a real transaction. Right? I mean, on the principal level, on the implementation level, sure, we could do that. However, the problem is that that would sweep the problem under the rug because that address reuse happened already. It just against the coordinator. Only the coordinator knows, but we consider what the coordinator knows public knowledge, so we don't want to get in a situation where the coordinator knows more things. At least that's what we are trying to minimize, and this would be a step in the wrong direction.
[02:52:23] Unknown:
But but but the coordinator can tell that the address is being reused. Right? The coordinator can tell that it goes from one address that's that's been reused to another address that's been reused. Like, why? That gets pretty obvious. Right? Like, it's on chain. The input side and the output side have the same address. Like, shouldn't a coordinator's block that? Like, why is that a thing?
[02:52:46] Unknown:
Oh, okay. Sorry. I I just wasn't clear. The reason why the coordinator should not block the address reuse one reason is that, you know, on Bitcoin Core, you can't even detect that. But but, anyway, you can if you are looking inside transactions. But, anyway, never mind. That's just doesn't matter. So so so the point is that you should the address reuse already happened at that point.
[02:53:21] Unknown:
Right? No. But but literally the output the output of the mix has the same address as an input of the mix. The coordinator knows both sides. They're the coordinator. They coordinated the transaction.
[02:53:35] Unknown:
Yes. But the address reuse happens. So if the coordinator refuses that that, the coordinator should let it be public and not try to hide this happening. Does that make sense?
[02:53:50] Unknown:
I mean, I guess my point is, like, I respect the idea of join market where we have, no coordinator and it's just straight p to p. But if we're able to get away with using a coordinator, a centralized coordinator and regulators are fine with it, that coordinator should enforce sane defaults. Like, that's the advantage of having a centralized coordinator. So why is the coordinator not enforcing a fake and onset? What I like like that there's clear the on chain is clearly a fake. It's it's it's it's not helping anybody in the mix if if the person used the same the same address on the input side as the output side. So what do you mean by take on offset? It's it's a person it's a person or entity, apparently, that is using a modified client that has the same input address as the output address in a mix. It's the same it's it's I come in from one address, and I come back out of the mix on the same address, but it's calculated in the an onset calculation, obviously, that doesn't help anybody's privacy.
[02:55:04] Unknown:
I mean, it's not like you would rely on only one other person in the PR, but in the in the mixes, but the anonymity sets are are showing much larger numbers. And these are not significant amounts of of of that happening. Right? Like, who I I have no idea how the hell this this can happen. Right? Like, there there was a quote there was an address that has been reused over 300 times, and many address. Not many addresses. I I don't actually know. But there was definitely one that has been reused 300 times input output side. And, you know, like, whoever does this for whatever reason is not our concern.
We don't want to know we we don't want to know. Right? Like, we just want to know as little things about our users, whatever crazy way they are using the system until until the the the main properties of the main privacy and Germans are are enact, and it don't ruin the privacy, like, in a significant systemic way. Right?
[02:56:25] Unknown:
But but theoretically theoretically, just, like, do we do we agree that, like, a the coordinator should should just not allow reused addresses in a mix?
[02:56:43] Unknown:
On a principal level, no. Because it could be a donation. It could be even mixing a donation address,
[02:56:55] Unknown:
and and someone else is paying that exact donation address and But I'm not even saying the output is reused. I'm saying the input and the output are the same in a mix. The and the one of the input addresses is the same as an output address in a mix. We that should not be blocked.
[02:57:12] Unknown:
So, yes, that's what I'm saying that I am mixing a donation address from a donation address, and the same person is sending and some other person is sending the money to the donation address to the same donation address. Right? So in principle, it should not be prevented because it's about because there are valid use cases like that.
[02:57:37] Unknown:
What's the use case?
[02:57:40] Unknown:
Oh, someone is donating.
[02:57:43] Unknown:
No. No. That's not what I'm saying. I'm not saying the donation. I'm not saying the output address is
[02:57:50] Unknown:
I mean, if you could
[02:57:51] Unknown:
give me a There's 2 participants. 1 participant is the donation receiver, and 1 participant is the donation giver, and they just happen to coincidentally be in every mix together.
[02:58:02] Unknown:
You you can't do that.
[02:58:05] Unknown:
You agree with me, open arms. Right? Like, the coordination is just blocked that shit.
[02:58:09] Unknown:
Of course. Currently you cannot pay inside a coin join in Wasabi. So how could that be the case?
[02:58:16] Unknown:
I I'm I'm sorry. You you guys brought it up as a in in principle. Right? Like, in principle, should this happen?
[02:58:24] Unknown:
Well, I'm trying to be friendly about it, you know, but it's it's it's it's happening in wasabi mixes currently. Like, I just don't understand why people are being charged for those for that perceived and onset when it's just a reused address over and over again.
[02:58:40] Unknown:
So, I mean, this is
[02:58:43] Unknown:
We must 100% assume that the one who is controlling the address, so sending into the coin join is the same who is paying to it. Because there is no other way and software is there.
[02:58:59] Unknown:
So okay. Assume we are refusing address reuses centrally on the coordinator, then that means the coordinator knows more than anyone else observing the chain. And that means the coordinator has this extra knowledge that might be asked from us by law enforcement agencies. So if we try to prevent this kind of stuff in the coordinator level, then we may have some legal liabilities. That does that does that make sense in principle?
[02:59:48] Unknown:
I mean, but the coordinator already knows this shit. Like, the coordinator knows the input and output addresses regardless already.
[03:00:00] Unknown:
It doesn't.
[03:00:03] Unknown:
K. You're constructed. The coordinator coordinates the transaction.
[03:00:09] Unknown:
Yeah. But it's it's an untrusted way. Okay. So I I I don't know what you mean because They don't know the addresses they don't know the address from
[03:00:19] Unknown:
address you user 1 goes to the second whatever address he goes to, but they know the set of addresses on one side, and they know the set of addresses on the other side because they coordinate the transaction. Right?
[03:00:38] Unknown:
Okay. But if you reuse the address on the input side, then then the coordinator is going to know the link because the coordinator sees it. And if the coordinator doesn't let it go on chain, then it's only going to be the coordinator who knows it. Right?
[03:00:56] Unknown:
No, Paro. Why does does does does Wasabi already have a blacklist system in place for people they feel are abusing, the coinjoin rounds?
[03:01:09] Unknown:
So that is for denial of service attack protection. Those who drop out of the mix, those inputs are noted and and have some stricter requirements when they can come back.
[03:01:24] Unknown:
Right. That's happened to me because of tour failures. So that already happens. The coordinator is already deciding that a a denial of service attack is potentially happening. So if the coordinator decides that that it is clearly a reused address, they could block that too very easily. Right?
[03:01:46] Unknown:
It is possible. Yes.
[03:01:49] Unknown:
Okay. Open Arms, do you have anything else over there?
[03:02:00] Unknown:
You know, I think we've we've the point is made that, you know, I don't want to pay for useless panels useless participants. Right? And it's wrong to it's it's it's wrong to allow that to happen. You're being charged useful for them. Significant money for it too.
[03:02:23] Unknown:
$0.16.
[03:02:26] Unknown:
Look. Bitcoin's designed to pump forever. I don't even want to calculate. If if you want me to if you want me to get on our HR on Thursday and calculate how many fees I paid it to you in US dollar terms, Like, I can do that. That's a large amount of fees I paid you.
[03:02:41] Unknown:
I mean, I mean, that's bullshit. Negligible amount. That's bullshit. Sorry. The sorry. The calculation relevant here is how many fees you paid after users who reused addresses. Right? And that's negligible.
[03:02:59] Unknown:
It can be blocked very easily. I just wish it was blocked. That's all. I'm just I I I it's just frustrate this is just frustrating.
[03:03:10] Unknown:
So sorry. But but okay. But do you do you do you understand the concept of the coordinator should minimize,
[03:03:18] Unknown:
the knowledge that it has about its users that the public does not have? The the whole point of using a centralized coordinator over join market, a proper p to p system, is that the coordinator has these these these this ability to enforce defaults on the mix. That is the advantage. It's convenience plus the the ability to enforce these defaults. That that is the reason why a centralized coordinator has advantages over, a a p to p system like join market. So if if a centralized coordinator is not gonna enforce that shit for me, then I'm just going to use a p to p version.
Like, that is where I stand, and and and and and that is where we stand.
[03:04:07] Unknown:
I I think the point of using a centralized coordinator, it's that's a point. Yeah. I I I agree. The centralized coordinator can do more things than a complete peer to peer network. Right? Definitely. But the other point is that the central coordinator must be untrusted.
[03:04:31] Unknown:
Right? Like, it should minimize the information it should have because But it is trusted. We agree that it's trusted. Right? Like, a centralized coordinator doesn't provide civil resistance against itself.
[03:04:44] Unknown:
No. No. Not at all. It's not trustless.
[03:04:47] Unknown:
It's not it's not a trustless system. There's trust involved. The trust is minimized, but there's trust involved.
[03:04:54] Unknown:
Okay. Yes. Yes. That's that's a good point. I mean so we should try for minimizing the trust even further. I think that's a good goal here.
[03:05:11] Unknown:
Yeah. I agree. I agree. That's that's my goal. That's all I want. All I want is just I just want better defaults, better implementations. I want this thing's shit to be easy. I just want people to just just want to tell people to care about it and to use it and give them a very clear path to improving themselves. That is the goal. That is what I want. I think that's what Open Arms wants. I think that's what No Power wants. I think that's what most of the freaks want. Just a very straightforward path to try and improve their their situation.
[03:05:45] Unknown:
You you know, I can agree. I'm sorry. I can understand in in any significant way the past one and a half year. But, you know, we sit down and we started researching at how we can do this much better. And we want to do, not incremental improvements, but, like, paradigm shift, like a like a like a huge one all at once. And, you know, I'm the most frustrated that that we don't work on the coin joints, to be honest, to the core on the core and current coin joints. It's it's frustrating to me too, but, you know, like, it's it's coming,
[03:06:38] Unknown:
and and and you'll be the judge of that. Right? Yeah. I mean, just to be clear, like, I will be one of the when when you release a beta release of Wasabi Wallet 2 point o, I will be one of the first people to use it. We will be one of the first podcasts to talk about it. We will talk about it relentlessly, good and bad. So so you I I can promise you that, and I I hope other big corners follow suit in that regard. I think Open Arms will also cosign that message.
[03:07:09] Unknown:
Of course.
[03:07:11] Unknown:
I just want to we're about 3 hours and 10 minutes in. This is a fantastic discussion. I appreciate both of you guys. I appreciate all the freaks who came in at for your time to, be live with us on this Bitcoin Tuesday. Right now is, basically, we're, 45 minutes from when we usually start. I'm curious what the freaks think about this time change, difference. Should I do this going forward? Should I go back to the previous time? My my goal is to go back to the previous time. We are on Sphinx chat. We have over a 100 freaks now on the Citadel Dispatch specific tribe.
So so if if you wanna figure out how to do that, I can provide you an invite if you reach out to me privately if you can't figure it out. But you can run it on your own node if you use Umbrel or raspiblitz. So consider joining there. That's tribes dot sphinx dot chat. We have 2 tribes. We have one for our tails from the crypt and one for Citadel dispatch. So consider doing that. I appreciate both of you guys. Thank you for joining. Open Arms, I expect you to come back on many times in the future. No power, also, same thing. Like, this is the whole point of this this, this project. I mean, as far as I'm concerned, I want civil dispatch to be modeled after free open source projects.
There's gonna be no ads, no sponsors, free for everyone to use. I I might break copyright sometimes, but, actually, the music video that's gonna come at the end of this show is the first one that I've actually gotten approval ahead of time for. But I I just love all you freaks. You have any last comments? We'll start with Noparo.
[03:08:59] Unknown:
You know, I'm I really appreciate of being here because, I don't know how you are with it, but I find Twitter to be not the right platform to flesh out complex topics. And so I just default back to try to not get involved with any kind of drama. And and, you know, in fact, just a couple of points on the drama that I think I think I think it would be a pity to to lose new people from starting working on Bitcoin privacy because of what they are seeing, happening around them. And, you know, I just I I I just hope it wouldn't be like that, and and and more people would be more encouraged than you know, like, we could flesh out a bunch of concepts, like Tumblr, Bitcoin swaps, or all kinds of crazy things that we like like, only in the research, phase.
So so I I hope more people will work on Bitcoin privacy because, you know, like, it's really, really, really needed.
[03:10:18] Unknown:
So let's just leave it with that. In the in the spirit of that, can we can we agree can can we get you on the record saying that you don't think, the samurai guys are spooks?
[03:10:38] Unknown:
So I I I think it's I don't really want to get him involved. I I I hope I can I I I just would like to keep my distance and, you know, I I I just I don't want any more resentment in the space? Just
[03:11:02] Unknown:
Look. I respect that. I respect that, but I I'm probably one of the few people in this space that will unequivocally say on air, live, every fucking week that I don't think you're a spook, and I don't think the fucking samurai guys are spooks. And I do not appreciate the the fucking personal attacks on both sides, and and the samurai guys are 100% guilty of that shit all the fucking time. But, but it they're not it's not just them, and and I will unequivocally say that over and over again, for the freaks listening.
[03:11:37] Unknown:
Alright. Well, thank you, Matt.
[03:11:40] Unknown:
Open arms. Final thoughts.
[03:11:44] Unknown:
Yeah. I just like to say that, if you have any ideas of helping you guys diving in more into using Bitcoin in a more advanced way, I mean, joint market is a great tool for that. You don't have to use it, but it's great to try. You can try it on Signet. Free. Just play around. There are videos, documentation. Let me know if you can improve that or how we can do that. And, yeah, keep conjoining, you know, regardless.
[03:12:17] Unknown:
I love you both. I appreciate all the work you guys have done. Thank you for coming on the show. Shout out to all the freaks who have joined us for this one. Whether you were live or after the fact, you're the reason that I do this. I think you're the reason that we all do this. Bitcoin is designed to pump forever, and we will show the world, how it's fucking done. Thank you, guys.
[03:12:44] Unknown:
Thank you.
[03:12:46] Unknown:
Thank you, guys.
[03:12:49] Unknown:
Anything that ain't Bitcoin is a shitcoin. Spent the whole stingy on Bitcoin. Quick flips. High school misfit, but now I'm a big fish. Big dog big rip. Ice taking field trips. I fit my own new life, you call Biden dropped the stimmy. I hit a little shimmy. Hopped on the app to buy stats and got plenty. A couple months later, my girl was rocking Venti with this crypto knowledge putting checks on my tennies. Stacking sats till I got 10 b's. I remember when it only cost 10 g's. Bitcoin to die. Every year a new high. No lie. So I
[03:15:06] Unknown:
Appreciate appreciate you freaks. Shout out to, King Spencino on that fucking rip. That's the first Siddle Dispatch, end song that was actually requested and fucking followed through with no copyright infringement. So cheers to him. I wanna see more Bitcoin only fucking content, including fucking rap songs. I love all you all. See you for our HR on Thursday. Cheers. Stay humble, StackSats.
Bitcoin as a store of value
The future of finance and cryptocurrency networks
The importance of Bitcoin privacy
Importance of Lightning Network and reducing on-chain errors
Bitcoin as a tool for activists in repressive regimes
Concerns about flagging CoinJoin usage and the need for privacy
Incentives for coordinator participation
Importance of remixing in CoinJoin
Discussion on the feasibility of a Sybil attack
Address reuse in Bitcoin Core
Advantages of a centralized coordinator in Wasabi Wallet
Should a coordinator allow reused addresses in a mix?
