19 September 2022
CD76: DEBATE: Are the tradeoffs of Samourai Wallet's light client mode a benefit to users?
Different format than usual. This is a debate between Zelko and Mechanic with myself as moderator. We will return to our typical format next dispatch.
EPISODE: 76
BLOCK: 754840
PRICE: 5171 sats per dollar
DEBATE: Are the tradeoffs of Samourai Wallet's light client mode a benefit to users?
Zelko on Twitter
Mechanic on Twitter
support dispatch: https://citadeldispatch.com/contribute
twitch: https://twitch.tv/citadeldispatch
youtube: https://www.youtube.com/channel/UCoA72saVAuQ8hYCnBO0Lymw
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://www.podpage.com/citadeldispatch
telegram: https://t.me/citadeldispatch
stream sats to the show: https://www.fountain.fm/
join the chat: https://matrix.to/#/#citadel:bitcoin.kyoto
[00:00:31]
Unknown:
Happy Bitcoin Monday, freaks. It's your boy, Odell, here for another Citadel dispatch. This episode, it will be slightly different than our normal conversations on dispatch. We're trying a new format, for this specific situation. It's gonna be a debate. We might have more debates on the channel going forward. Before we get started, I wanna thank all the freaks who continue to support the show. As many of you are already aware, dispatch is a 100% audience funded without ads or sponsors, and I could not do it without you. The easiest way to support the show is by using a podcasting 2.0 app, such as fountain podcast, Breezewallet, or podverse.fm.
There are also many other podcasting apps that use the podcasting 2.0 standard. You simply use them like a regular podcast app, search still dispatch, press the subscribe button, choose how many sats per minute you think dispatch is worth to you. And as you listen, it will stream sats directly to my node. Podcasting 2.0 also supports a feature called boostograms, where you can do a single, a single payment that includes a message, and I read those read the top 4 of those from the previous episode, every rip. You can also support the show by going to cildispatch.com.
I have a BTC pay server there where you can send stats via an on chain payment or lightning. And I also have my pay name there, which you can pay from Samura wallet or Sparrow Wallet. My pay name is Odell. Very easy to remember. So shout out to all the freaks who continue to support the show. And if you do not, you know, I know it's I know we're in down down market right now. We're in a bear market right now, and, I know stats are tough to spare. If you do not have stats to spare, simply subscribing on your favorite platform, leaving a review, sharing it with your friends and family is greatly appreciated. As always, Serial Dispatch is broadcast on Twitter, Twitch, YouTube, Bitcoin TV, and is available in all your favorite podcast apps. So thank you. And once again, dispatch is a unique show in that we have a live audience, tuning in from Twitch, Twitter, YouTube, and matrix chat. The matrix chat, you can find at citadel dispatch.com by clicking that citadel chat button.
So we will be interacting with the audience as we usually do, and I want to thank the freaks that join us in the live chat because you make this a special experience. So before we get started, I'm just gonna read the top four boosts from the last dispatch, which was with Adam Back. So dispatch 75. We have at Nate Johnson contributed 50,000 sats. Says, this show is invaluable. I appreciate all you do for the space. Hope your family is okay. We have Mallard Quackenbush with 20,000 sets saying meow meow. Very insightful, Mallard. Appreciate it. We have letter 6173 saying, when sat girl summer with 7,777 sets.
And we have 8 mythrander saying, Adam is the real one, 5,001 sets. So I wanna thank all the freaks who continue to support the show. I do appreciate you. You can look up the remaining boostograms on your favorite podcasting 2.0 app. They're open for all. So without further ado, let's get started on this debate. I had Zelco. We have we have BTC Zelco in the house, a return guest. How's it going, Zelco?
[00:04:01] Unknown:
Hey. What's up, Matt? Yeah. No. Been good. Just, excited to squash some of this, these myths that that we would have. So yeah. No. I'm I'm excited. Life's good.
[00:04:15] Unknown:
To those who are not aware, Zelco works with the Ronin Dojo project, a full node, a full node solution, particularly suited for using the samurai stack. We also have, mechanic in the house who goes by Grasp Fed Bitcoin on Twitter. How's it going, mechanic? Hey. Good, man. Thanks for having me. Pleasure is mine. He works for Start 9 Labs. Another full node option available to Bitcoiners. So today's debate prompt is, are the trade offs of Samura wallets, light client mode, a benefit to users? This all started with a tweet that went out by Grass Fed Bitcoin.
Zelco and him had a back and forth, and then they decided to rope me in, tag me in the tweet, and say, let's have this debate live on air. Boys, before we get started, I wanna keep this as civil as possible. I do have god power over both of you and can mute. I do not wanna use that power. I've never used that power, but I do have. No. I promise I promise to be very respectful.
[00:05:27] Unknown:
Otherwise, it won't be a productive debate.
[00:05:30] Unknown:
Yeah. I'll do my best.
[00:05:33] Unknown:
Despite my original,
[00:05:34] Unknown:
you know, trolling style post, I don't intend to just sit here and sling shit. So would you like to maybe maybe to start us off, mechanic, you wanna read the tweet that started this all? Do you have it in front of you? I actually don't.
[00:05:48] Unknown:
I I can do it. They said, what's the opposite of galaxy brain meme template? I need something where the person just gets more and more retarded until they end up using samurai wallet. So that's the that's the initial tweet.
[00:06:07] Unknown:
Yeah. So, obviously, you like, trolling, poking fun. The reason I think it's, well, I like the title of the debate, how you framed it already, because that acknowledges that there is at least a trade off to doing it, using in, the manner in which you're not using your own node. And, consequently, if you're engaging in coin joins, you're leaking your XPub, which to me invalidates the whole charm and blinding, which is what people think imagine the purpose of doing coin joints is in the first place. And my issue is with the general framing in the space, which is not that, you just shouldn't do it that way.
Instead, it's you can do it that way, and there's a better way, which is to run something like running dojo and connect samurai to it, and or use Whirlpool through Sparrow or something like that. And to be clear, I think those are great projects. ZELCO, I really like Ronin Dojo, and other people in my company, as you pointed out in our debate, are fans of it. Like, Dave Crosson, for example. He's a big fan of the project, and as you mentioned, he's done stuff with you on it. So, likewise, that will likely be implemented in some fashion on start 9, on the embassy, and, people have come at me with, accusations of hypocrisy and things like that because I work for Star 9, and what am I doing? What's, what am I talking about? My company likes it. Am I gonna quit? Yada yada yada.
So, no, I don't want to do any of that. I I want to give respect my respect to you. Samurai even does, if I can steal my own samurai as much as possible, even does something which I find really hard to find outside of samurai wallet, which is if you set it up to connect to your own full mode and your node is offline for some reason, it won't work, which is great. Because things like Electrum, so many other wallets, where where privacy is a concern, and they have some sort of SPV mode, they will just fail they will just fall back to running public nodes and then betray all your privacy. It only takes one mistake to ruin privacy. Right? So, samurai, to their credit, don't do that. If the node isn't running and they're not connected to it, samurai just won't do anything. That's great. So I only have one specific problem, and it's a problem that I think isn't really framed correctly, which is simply what I already stated. I'll try and state it more concisely, which is I don't think it's better than, the default position where you connect where you leak your XPUB to summarize servers, by using your own server. I don't think that's better. I think that's required.
That's the difference, binding where you're leaking your XPub to 3rd parties. I don't think that's legit. I think there are potential use cases for it, and it totally does invalidate on chain analysis heuristics and things like that. It changes the threat model, but it doesn't do what a lot of people, I think, think it does. So that's why I want to try and spread that awareness even though I'm obviously being stupid and calling people retarded and stuff like that. I think there's actually a serious point behind it. And what it devolves into when I chat with this stuff is people going absolutely nuts at me for something that I'm unable to abandon because I do genuinely find it to be truthful.
So, yeah, I'll stop there, and let's, let's let you have a record.
[00:09:39] Unknown:
So to be clear, you're saying that what if, if you're connecting to a semi wallet server. Right? So, you know, they're providing all your balances. Right? That's what the x bugs are for. That there is no privacy gained whatsoever. Is that your overall stance because you're not running through your own node?
[00:10:02] Unknown:
I'm not saying there's no privacy gain whatsoever. There can be. It depends on whether you trust the people that you're providing the information to. It might not be. It might be. To me, it's, the analogy I like to use for it is VPNs. Like, I find samurai in that used in that manner to be like NordVPN or ProtonMail or something like that where you can actually be, in worst case scenario, just using a honeypot. Because if it's not actually like, a VPN will say we don't keep log, we have to trust them not to keep logs. That's not the same as them not having any data in the first place, which is a far superior model. Like, the basic adage, can't be evil is better than don't be evil. Okay. Well,
[00:10:44] Unknown:
for 1, right, that requires in in order to d docs, any of those ex pubs, right, 1, you you need some sort of PII. Right? Some sort of personally identified information. Something that will, connect you, right, to that to to that expo. Right? And you're talking about post, you know, post spends. You probably need to have some sort of link that actually connects you to your spend and then be able to trace it backwards or, yeah, like, if they were to tie the x pub that way. But they there's no sign up. Right? There's no emails. There's no names. There's no by default, it comes with Tor. Right? So your IP address is hidden.
So I'm not I'm not entirely sure, like, where that threat model is. Like, where, if you are in a pinch, you don't have a node. And this is coming from the guy that wants everyone to run a node, obviously. Right? Like, I would love if every samurai user was a Ronin Dojo user. It'd be fantastic, but that's that's not the that's not always the case. Not everyone has the ability to do that. Right? They might they might have the ability to mix some coins that they need mixed, and there of of course, there's a a trust model and trust trade off whenever when it comes to a light node any light node. Right? Like, any light wallet. Sorry. Any light wallet is gonna require some sort of trust model. Right? What and the the question is and the reason why Sunrise Wallet is set up this way to have their server is because they tend to believe that people who use their software have some sort of trust in them. If you don't trust Samurais Wallet, why would you run their wallet? Like, why would you install their software?
You wouldn't. Right? Like like, some people like like, it to me to me, that that doesn't really make sense. Like, if you're like, oh, they're bad actors, but I'm still gonna use it. Like, that doesn't make sense, whatsoever. Right? And if if you're looking for quick, you know, 3rd, 3rd party, you know, like, blockchain, privacy. Right? Samurai Wallet's going to give that to you whether you're using, using the light wallet, right, or if you're connecting it to your node, when it comes down to, let's look at the blockchain, right, or if you're chain analysis and you're starting from the end or you're starting from the beginning, you're trying to find out whose this is, who's this game from, then you have that privacy. That privacy is there, and you're not it's not unwinding it. Like, users there are a lot of users who can't just, like, up and run a node at the same time, like, from the start. I would love it if they did, but that's not the reality. It's not the reality of of Bitcoin. Like, running nodes has gotten way more popular, but we're still not at a point where the vast majority do it. So a trust trade off is is it's going to be there. Right? But it it doesn't make you not private.
Like, it doesn't, it doesn't take away from the privacy that you gain. Right? You're trusting do you and the question that users have to ask themselves, do you trust, Samurai Wallet? If you're a light wallet user, do you trust Samurai Wallet more than you trust Chainalysis or whatever it is that you're trying to gain? Because if if you trust 1 versus the other, you know, that that should be your trust model. Like, you have to if you if you're not gonna run a node, you need to have some sort of trust, And Samurai Watch is not to elect for random nodes that could be surveillance nodes, which we know that are out there. Instead, they chose to be the one that that bears that burden for their users.
[00:14:24] Unknown:
So I'm just gonna jump in here real quick and provide a little bit of context. I'm seeing a question in the matrix chat, which clues me in that this context should be given. When you're interacting with the Bitcoin network, to interact with the Bitcoin network, you need to use a Bitcoin node. Now that node could either be your own node or it can be someone else's node. If it if you're using someone else's node, you're trusting them with the validation, the verification of the rules of the network, and you're trusting them with some elements of your privacy. With Samurais specifically, you're able to use their software wallet, their mobile wallet, with your own node or with their node.
If you use it with their node, first of all, a warning message pops up when you first boot up the wallet telling you that there is a trust element involved in trusting their node, and suggesting that you consider using your own node. And the second thing is you're trusting them with the the verification of the rules of the network, and you're trusting them with some element of privacy. Now with Samurais specifically, it defaults to Tor. So you do not give them your IP address when you are connecting to their node. But they are able to if they are acting maliciously, they're able to link the different addresses you have together. So best practice in Bitcoin is to not reuse addresses.
But in this situation, whosever node you're using is able to then, in this case, samurai, is able to then link those addresses, balances, and transactions with each other. Now they obviously do not have a legal name. They do not have an IP address. They just because it goes through Tor, but they're able to link those specific things together. Now, yeah. So that that's that's the key setup that we're talking about here, and now you can carry on, Mechanic, if you'd like to respond.
[00:16:21] Unknown:
Yeah. So, I mean, I don't want a straw man, you, in any case. You're just you're asking people if they trust samurai, and I'm saying I don't want people to trust samurai. I want for samurai to be in a position where you don't have to trust them, which is the ethos of almost everything in Bitcoin. We're talking about trust less money, and I don't wanna be obtuse because these are having privacy in Bitcoin is not the same thing as Bitcoin itself. But I don't want to trust someone that has put themselves in a position where I need to trust them. That is not, that is not a serious way to go about things. It's and given that people are going to come to them, I mean, I don't wanna be crude, but if someone told you, hey, put this stuff over your skin, it will make you invisible, and it doesn't, like, you're doing far more damage to a person. Like, what's the consequences of a person going out who thinks they're invisible when they're not? They're gonna do things that they wouldn't do, if they knew everyone could see them. Right? So people might take precautions if they hadn't engaged in any privacy practices at all or any sort of coin joining privacy practices.
People might in people act carefully when they know they're being watched if they have the illusion of privacy, in which which can have been afforded to them by taking part in a coin joint, that worst case scenario again, I don't wanna cast aspersions here. I'm just saying worst case scenario. If samurai were bad actors and they were providing a service to people that were looking specifically for privacy because they wanted to do something illicit or, you know, they just wanted to privacy is a human right. We all know that people can do this to for the most, ethical of reasons, to just look after their own privacy. Supposing you go there, you engage in it, samurai turn out to be bad actors, your identity gets leaked in some way, which you mentioned. You said it's not a problem if identity doesn't get connected with the person somehow, but the fact that that can happen is why we need these practices in the first place. So if you're not worried about identity getting attached to any sort of Bitcoin address, then there's no need for coin joining in the first place.
The fact that there is means, you know, the point of coin joining is, my identity got linked to this Bitcoin address that I withdrew from some Bitcoins I bought from Coinbase. I withdrew them to this address. I now need to break chain analysis that will connect that address and my identity to other future addresses. The point of coin joining is to break that. If you reattach identity to it at some point, then that's a problem. But, anyway, I digress. I'm saying my point is that if you, if your identity becomes known, the whole point of coin joining is to break that again so chain analysis can't do it. But if you're engaging in that practice, in the first place, thinking it's giving you privacy, you're you might potentially be doing it through a company that exists specifically, maybe not even through a fault of their own, as, an entity that collects data from people and, you know, I'm I'm down around it, but I'm basically saying the honeypot I got what you're saying. The the honeypot thing. Right? So and, again,
[00:19:37] Unknown:
in order for the honeypot to be effective, right, so they they would, 1, need to get attacked. Right? And all the x bugs would need to be taken, All of them, not just one, not isolated. It needs to be all of them. Right? And then they need to have something that still connects them to that identity, like, to that xPub. So it's required. Problem that I need to Can you hear me?
[00:19:59] Unknown:
Yeah. For sure. I'm just saying it would be just one xPub, and that's a problem. Sure. But I I'm saying if if some if their
[00:20:05] Unknown:
if their server got attacked, it's it's all of them, but also the fact that, like, that one x pub would only give them one person. Right? So even even in the case that you're saying, right, they're they need something in addition. Right? The x pub alone is not going to do anything to link their PII, and that's what I'm saying. Their identity is not connected, right, because there's nothing that connects it before, and there's nothing that's connecting it. There there's nothing on Samuraiserv or in dojo because that's what their samurai server is, is dojo. Right? And, there's nothing I know better in Bitcoin than than dojo.
Right? There's nothing in Dojo that can that says, oh, you know, BTC, XLCO's, XPUB, like, boom. There's nothing that connects you from within their server, so there's nothing that can connect afterwards. Right? And there's nothing that can connect their identity. When you're talking about identity in in particular, now spending behaviors, whatever. Sure. But if they they need to have that other information, they need to have who that what that other addresses do. Private practices
[00:21:06] Unknown:
going forward, for sure, but it wouldn't necessarily be it they don't need to do the work of law enforcement for them. They can just say, okay. We have an ex pub. Here's a bunch of addresses which aren't linked due to chain analysis anymore, but we can provide you an XPUB, which will link certain addresses. Now it's a separate issue going and finding the identity that is attached to those addresses. That doesn't need to be an additional risk. Like, if you have to sign in to Samurais and upload a picture of your passport too, that would be a separate problem. Like, that's not you don't have to do that. I mean, hats off So the fact you don't have to So the argument is that someone's going to hack samurai server, a privacy server, the threat model.
[00:21:44] Unknown:
The That's one issue. Another is that there someone's gonna hack them and then just turn over all of their stuff to law enforcement. So law enforcement or chain analysis can link all of these xpubs or one xpub or whatever. Like, that's the that's the threat model that someone's gonna do that. Like, WhiteHat just, attack all these users. Because what it really what it really comes down to is that law enforcement, chain analysis, any of these companies, right, they don't have expos. They don't have that information. Right? The the users that are using it, like, wallet How do you
[00:22:18] Unknown:
that is what you need to explain to me, how you can be so confident in that assertion.
[00:22:41] Unknown:
If anything happens. Like, they it it's in it's been in their terms of service from the beginning. Right?
[00:22:48] Unknown:
Mhmm. Yeah. But are you saying that's entirely because they're bootlickers rather than the fact that there's pressure on them to do that, and they've just bent the price down the road? Said that they were not pressured to add in blacklisting. Like, you could go on a whole thing about what's stopping, but Right. We can conclude that law enforcement are definitely paying attention to things like CoinJoin. Right? They're not just letting it go past without any interest.
[00:23:14] Unknown:
Well, the the real threat model, and I'm wondering if you guys would agree look. I I think you both agree that obviously using your own note is preferable here. But the the real the real threat model with the light client mode is you're not just trusting samurai to not be malicious. You're trusting them to be able to keep their server secure. So if their server gets compromised, and we already know that maybe 90% over 90% of new users who come into Bitcoin are coming in via KY Seed Services, where they're uploading their passport, giving their Social Security number, taking selfies, putting their mailing address and stuff. If the server gets compromised by some government affiliated agency and then gets coupled with KYC information, then that entity can go and unwind the collaborative transactions.
CoinJoin can unwind those transactions because they have full sight into the rounds. Do we both agree on that? Mhmm.
[00:24:13] Unknown:
I mean, yeah. Yeah. If you have someone's ex pub, you can see, like, all the all the history. Like, that's And, like, the deposit address would be a a KYC'd
[00:24:22] Unknown:
attached
[00:24:23] Unknown:
to POS. The only thing I disagree with that you said is that, it's better to run a full node. My flat out assertion is that it's required. It's not better. And that's that's also just
[00:24:35] Unknown:
if you try to make something like that required, right, people just miss out on the tool. Right? The tool still work. Like like, it's trying to say that CoinJoin, which is the whole point of it is to obscure the blockchain. Right? Obscure transaction blockchain or a collaborative transaction. And by you trying to make an assertion that if you're not, that you have no privacy, that's saying that it you don't even get any sort of gain, which you do. You get immediate gain, right, from having this transaction because the only way the own and only in this fairy tale situation is that if they get compromised. And if they get compromised, you could easily move those funds to a brand new wallet that's backed by a node and then mix them again. You can do all of those things if you're really that concerned. But, honestly, like, the the threat model the threat model the current the current threat model is against chain analysis, right, and against people just looking at the blockchain.
Does does does does does Whirlpool give you that this is what I need to know. Hold on. I need to know that. Does Whirlpool solution. Does Whirlpool give you transactional privacy, right, on the blockchain?
[00:25:48] Unknown:
You can make some assumptions about it. I mean, look, with a theoretically perfect hold on. With a theoretically perfect coin join, if best practices are observed by everyone involved, and it's something like join market where there's, you know, where we have a superior approach in almost every way. Just saying, oh, I'm not a wasabi, and much preferred coin market. I'm saying if other people engaged in the coin joint don't observe proper practices and link UTXOs again, that ruins your privacy too. So there's no such it's a very approximate way to get privacy into a system that's public by design. Privacy is a huge issue in Bitcoin. It's really difficult to see how know why join market's privacy doesn't if someone has really poor practices,
[00:26:30] Unknown:
it it ruins their privacy because you're only mixing you're doing basically just one collaborative transaction. Right? Like, you're not doing you're not having 5 people, and, like, yes, one of those 5 people could screw up, and then everyone else is still remixing. We have far more liquidity and Whirlpool than we do in joint market. So as those numbers go up, you're just hiding in a in a a far bigger mix. Right? People are mixing the cold storage and leaving it there. It's just continuously getting gaining privacy because people don't know who those transactions are, like, who those UTXOs are from. Right? So your your theory that, that you're gonna get better coin joints from joint market, that's also very silly.
And one person could ruin that versus one individual practicing bad habits, which are preached and and explained thoroughly multiple times by hundreds of people in, in the samurai community. Right? And, like, we don't do the spend all. There's so many, like, red flag or pop ups that happen when you try to hurt do something that would harm your privacy in the samurai wallet because they know that at the end of the day, some users are gonna do something stupid. Right? But it's not going to ruin everything for everybody. Right? It's not going to unwind everything. Right? You still have far more, privacy, and that this is a totally different topic, but you're getting more privacy from from that than you are in join market. But the the It's pro Like, that's that's, like, laughable to me. But the private it's coin join. It doesn't
[00:27:55] Unknown:
it doesn't completely do it with one mistake from one participant. It's just an assumption. Right? Like, you have you engage in a round with a 100 other people. You assume that 20 of them are at the FBI, another 10 of them are gonna remix their UTXOs afterwards, and you'd be more pessimistic as you like, or you engage in more rounds afterwards, and you go, okay. I feel pretty private now. But this is the whole thing. It's all very approximate, which is why you don't wanna shoot yourself in the foot by using something that's designed
[00:28:23] Unknown:
in a compromised way in the first place. Like, you're you're what you're saying about Sam Okay. Do you know why let me let me just stop. So there's a specific reason why Samurai Wallet opted to to do the server mode. Not sure if you if you know the history. Right? So Samurai Wallet's been around since before, the the user activated software. Right? So that was why. And they allowed a trusted note option where you could connect to connect to your your note or or whatnot. But, sorry. I didn't mean to keep clicking my pen, Matt. But the whole I told Zalco to stop clicking my pen. He did. I I've been clicking my pen. I'm sorry.
But the whole point was that people were running people were running light wallets. So they came from a time period, which I know is hard for everyone to to understand now that we have, you know, everyone. There there's too many node node projects now, for people to think about not running a node. But, like, there was a time when the majority of users didn't run their own node. It just wasn't a thing. Right? So they said instead of using a an an Electrum style setup where, you're gonna be connecting to a random node to fetch your balances, why would you give away that information?
At least, at a minimum, you can trust us because you're already using our software. That's why that that model is there. It's not because of, like, some other thing. It's the fact that most users understand that trade off. Most users who are using LightWallet are either starting out like that because they don't have a node. Right? And they're okay. They wanna try to they wanna see what's going on, and then a majority of them switch over to a full node. Right? But the idea is that if you take away something that gives them that immediate privacy because there has not been a leak, there hasn't been a hack, you're still going to be able to to transact privately, right, detaching away from that initial whether it was KYC or that initial transaction.
Whatever the previous history was is gone. Right? Like, you you actually have that unlike in in other coin join attempts. Right? You actually get that deterministic links are actually broken in Whirlpool. So moving forward, they have that privacy. They can do what they want. Right? They could they harm themselves? It's very difficult, but could they? Sure. But at the end of the day, you're talking about in this in this fairy tale situation where samurai gets hacked and everything is is to shit. If that does happen, it's bad for everybody. Like, it is bad for Bitcoin if that happened and everyone who was a light wallet user with the with the I chose a pet. But they're not well, why would you change it now and force all users to run an a node in order to use their mobile wallet?
Forcing Well, you don't have forcing users to do that is not is not something that, one, they need to do. Right? Because most users wanna transact, like, at the highest privacy level that they can.
[00:31:14] Unknown:
So You don't have to they run a node. I have the game for that because it's not necessary. You can still do this thing with an SPV. You don't need to. You can just use block filters, which as you point out weren't available back when Samura's original design was done. Bit 157 and 158 solve the problem of having nodes that you have to pull data from and consequently ruining your own privacy. Block filters get rid of the full set of people to provide you the block filters. So what's your like, there's not it doesn't it doesn't fit in yet. You're trusting them with the fleet of the network, but you're not trusting them with, keeping, not keeping logs of what it is you're requesting because they don't know what it is you're requesting because it's probabilistic.
They have to make so many assumptions. You're pulling a whole bunch of data, and you're obfuscating the specific requirements. It's not like, here's my XPub. Tell me the exact history of this on the blockchain. It's, here. I need a 10,000 bits of data. One of them is interesting to me, and you've got no heuristic for figuring out which one it is. Block filters are really good. They're much better than bloom filters, but they're newer. This is what this is a good design, and you can switch to that if it's really important, which it is, to make sure people without nodes can still engage in coin joining. Switch to block filters. Does block does block filters work for,
[00:32:27] Unknown:
anything other than BIP 80 4? Yeah. Wait. So let me just jump in here real quick. So block filters are what Wasabi uses. Block filters, you have a trust trade off in terms of you you're you're trusting the provider of the block filters to actually notify you if your transactions came in, but you're not trusting them with your privacy. Now my basic understanding of the situation is that block filters are too heavy to currently implement on mobile. I even Nopara, lead dev and founder of Wasabi, has agreed with that. You know, Wasabi uses a desktop.
So I to me, the crux of this debate comes down to the fact of, should people that only have a mobile phone, that do not have the ability to use their own node, do not have the ability to use a desktop computer in general, are those people should those people get some kind of privacy gain on the ledger even if it requires trusting an entity such as samurai? And if you use join market if you use join market, that doesn't solve that issue. It doesn't solve the issue for people that only have mobile phones.
[00:33:46] Unknown:
Yeah. I just don't like the framing of it as a privacy gain because it's not necessarily a privacy gain. It can be weakening depending on whether samurai are not only trustworthy, but also just completely competent, which they can have the best intentions in the world, but accidents happen. We we need the data not to exist in the first place. The minute it does, it's it's a problem. This is like
[00:34:09] Unknown:
a a white knight this is like white knighting privacy. Like, it's not the it's not the realistic
[00:34:14] Unknown:
Well, let's let's let's bring this let's bring this to a scenario let's bring this to, like, a a real world scenario, because I'm curious. I'm curious of mechanic's opinion. So if if you're if you're if you're an activist in Venezuela and you're receiving donations in Venezuela, and you're concerned about the Venezuelan regime tracking you on chain when you're using Bitcoin. Does Samurais light client offering provide a benefit to those users?
[00:34:50] Unknown:
Potentially. And also it could be harming those users as well, like, seriously badly. And, given the analogy I made earlier, which is if you think you're naked and you're stealing stuff from a supermarket and everyone can see what you're doing, that's awful in comparison to you knowing people can see you.
[00:35:07] Unknown:
So it might be better not to have engaged in privacy at all. Hang on. I think I don't think we have a good time to do it. I wanna I wanna finish my thought process with mechanic. Sure. Mechanic, if does do you still do you still feel that way if the wallet is telling you that you're trusting Samurais server on boot up and explains the trade off to you?
[00:35:31] Unknown:
No. I I well, yes. I feel that way. Even with full awareness of the fact that you have to trust Sunrise Server, it's still I would still criticize the design of it and the fact that it's possible in the first place, but obviously that's my preference that they would warn you and make you as, like, I think people should be able to use VPNs. Right? I think people should be able to use samurai in this way. My critique is mainly that it's never characterized. It's a different kettle of fish altogether. Using your own samurai with your own node is a different model than using, their server. It's not an simply an improvement to use your own node. It's a different set of issues.
Like, my analogy for it is, like, you wanna access a website, like some streaming service at hulu.com or something, and it only lets Americans use it. So you use a VPN and you go you hop on an American IP address, and then you can watch TV. Hooray. But that's not like, a guy in Iran or something trying to, gain privacy from an adversarial government. Right? They're gonna use the Tor network. They're not gonna use a VPN. Why? Because a VPN is potentially just a honeypot and could be worse than if you just used your raw IP address. So this, to bring it back to samurai, to me feels like if you want to deposit some coins in some, you know, putrid institution like BlockFi that will censor stuff that comes from certain places.
What you would do if you have a blacklisted UTXO is you can use samurai, without a node. Right? Because you can break the link between them, and then the service has no idea that you're coming from a blacklisted UTXO. It's good for that because they're not really bothered about doing a proper investigation, just like Hulu aren't bothered with confirming that you're really in America or not. They're not gonna go to that length. But Hulu is a very different threat model from NSA or government agencies in general. They're different things. Sorry. I went a bit on track there.
[00:37:31] Unknown:
So, Zelko, you had a problem with my analogy? No. Not your analogy. You're my I have a problem with analogy. It was a thought process. Yeah. No. Your thought process was fine. Yeah. I I do like it. I just don't think that it's frank. My my, like, issue is they keep framing. It's it's the wrong framing when you're saying, people would run into a, like, if you're if you were told that you're naked in a supermarket or that you can run naked in a supermarket because you're invisible. That's that's seriously absurd. Because, 1, like, on top of that so all the warnings, right, you're like, okay. Well, one person can see me if they were, like, naked in a supermarket when they wear these special goggles because they can they're the only ones that can see me run naked. Right? So they're the only ones that can see me invisible rather because that's that was your thing. So only one person can see me invisible. Right? But if they share those goggles with someone else, then another person could see that I was doing it. Right? Not everyone's going to see that I was doing that, but only the people that have the goggles. That's the that would be a better framing of your analogy and you saying that, like, you're gonna do some, like, crazy thing because you think that ever no one can see you. But, really, you know that one person can see you. Right?
So to me, if you're gonna frame that argument I I just I still don't understand why we were talking about someone Sure. Run around naked. Not really my thing, but, like, you brought up something that I will touch on. You said it's a different model, samurai server versus running our own node. How how is that the case? Like, if I pulled up 2 transact 2 Whirlpool transactions, Right? One that had a you know, maybe I know that there's a maybe I ran a light wallet, and I I mixed it. Right? And then another one was a, you know, another mix that I ran from my dojo.
Are you gonna be able to tell the difference? If you look at if I just gave you a transaction ID, would you be able to tell me that this is samurai wall this is the samurai server 1 and this is the dojo 1? No. But that's not my issue. But that but that's what you're saying, though. You're saying they're 2 different models, and they're not. Like, you're saying that you don't gain these privacies that people would transaction transact differently, and then you're also forgetting a totally different threat model that a bunch of people in the chat have actually brought up, and I can't see them anymore to to read them word for word. But, you know, running a full node on like, all the time versus a, using a light wallet in someone else's server, Right? That also like, having all of that data pulling all the time, right, is going to be a trigger to to outside observers, right, versus if you're using that light wallet. In some countries, it's more of a risk to run the node than it is to use a light wallet.
So, like, you know, this this idea that you have that, like, everyone needs to have like, I would love it if everyone ran a node, but that's that's, one, it's not realistic to the world scenario that certain people live in. And 2, when you take that and you extrapolate to also block filters and people in shitty countries that are I guess, it's not a shitty country if you live there. I'm sorry. But in these underdeveloped countries, and you are trying to download block fill like, bloom filters to pull all of your information, which takes forever anyways, then on top of that, you have the these incredibly deep wallets, you know, 10,010,000 plus, deep wallets.
Like, I have one that's new, and it's at 10,000. So 10,000 plus, UTXOs, and I have to wait for the bloom the bloom filters to come through. And it doesn't work for all the different address types. Well, I'm sorry. Like, that's that's silly. Like, I don't know why that's even mentioned. But, yeah, it's not 2 different models because they literally provide the same exact transaction. And no one using it, no one no third party can sit and look at the blockchain and tell me and because that's what this is about. It's about, do you get blockchain, transactional privacy? You do. Right?
If you somehow if somehow you were using Samwise server and your shit got like, their server got hacked, like, then you should take the appropriate steps, which should basically should be moving your funds if you didn't already spend them. Move your funds. Yeah. Right to the index club, right, and back at Vidyoja. But, like, everything else right?
[00:41:50] Unknown:
Wait. But let me Zolka, let me ask you. How would you know that they got hacked? Would are you just relying on them telling us? What do I trust to disclose something of that severity?
[00:42:01] Unknown:
Yes.
[00:42:03] Unknown:
But what if they don't?
[00:42:05] Unknown:
Then my like, I had that much trust in them just like you guys would disclose anything, like, similar to that as well. Right? Like, people buying stuff. I mean, we both we both are in companies that sell nodes. If if our server got hacked, would you not do the moral obligation? Wouldn't you have a moral obligation to tell your users. Correct? Like, that's of course, I'm going to trust them. If they didn't if they didn't, then then, yeah, that's on me. Right? Like, if it like, I made I took that chance. I took I accepted that that risk of using a light wallet.
They I mean, like, not to mention that they're one of the few I'm not commission. They don't have a few, like Right. Developers that has a canary. Right? So if that canary is not updated, then I know that that they've been compromised.
[00:42:56] Unknown:
But we have aren't canary at start 9, and it makes me laugh every day because I can't believe anyone actually takes these things seriously. You're expecting the FBI to go, hey. And by the way, you can't tell anyone that we've approached you. And you go, uh-uh. We've got a warrant canary. We're gonna take it down. And they go, dagnabbit. You got us again.
[00:43:17] Unknown:
Work. Oh, warrant canary. That's not how warrant canary and carries work.
[00:43:21] Unknown:
Look. If you take it, you're supposed to be able to Yes. I no. I know how Warren Canaries don't work. They are security theater. Okay. But how do they work? How are they supposed to work? In theory, they're supposed to get around the fact that you can't disclose that you've been approached by law enforcement, but you can remove something that says you've never been approached, and that gets you around the fact that you're not actually telling people something. You're removing a statement, which is not in and of itself speech. So
[00:43:51] Unknown:
you're saying that you would modify the warrant canary? No. Isn't the way warrant canary is The warrant canaries would work is that I if I got approached, I wouldn't re I wouldn't renew my Warren Canary. Yeah. So in my Warren Canaries
[00:44:03] Unknown:
update. You constantly update Warren Canaries.
[00:44:05] Unknown:
Kinetics and ideas that But in the months, no one gives any attention to Warren Kinaries because Samura themselves made a Warren Kinary that says if we ever incorporate, I think their wording was anything that isn't Bitcoin, we've been hacked. Then they implemented Monero. Implement Monero. And they ordered. But they didn't implement Monero 1,
[00:44:23] Unknown:
2. Like, this is like, my I know I said on Twitter, like, you're out of element. This is one of those times. Like, you're out of element. They have not implemented there's no Monero in the wallet. They've never implemented anything that Yeah. Yes. That, like, puts Monero on the wallet. K? So, like, when they're talking about, when they're saying that, they they actually mean putting a a an alternate coin into the wallet. Sure. Right? Okay. Let's go look at their warrant canary and understand what they're actually saying. And warrant canaries work by saying that you're not going to reinstate or renew that warrant canary after you've been approached. And there's not that's not a, hey. I have to go and tell everybody. That's just a silent means. Right? Weren't a canary in the coal mine. It is a way to disclose to the community and all the users we've been compromised or something happened, right, and we didn't update it. Okay. But Because they can take your social media. They can take everything else, but they can't force you to renew, right,
[00:45:22] Unknown:
to renew that that same warrant canary. Let me just jump in here real quick. I think both of you agree that you have to trust samurai to under to know that there's a breach and to disclose that there's a breach. Mhmm. I think both of you guys agree on that statement. Correct? Yeah. Absolutely. Yes. Whether that's through a Warren Canary or through a Telegram message out to a trusted
[00:45:55] Unknown:
and it comes down the the reality is that this whole thing comes down to to the client portfolio. This comes down to people, needing they need a, they they need the privacy from, you know, from their government or from what whoever else, right, from law enforcement, and they're willing to accept that. And I know that because I've, like, specifically talked to tons of people, right, from other countries that don't that that do not trust their government with anything. I mean, most people don't trust their government. They're Bitcoiners now, but, they specifically they fear the government more, right, than this, you know, crazy weird threat model. K? So, like, people in South America don't give 2 shits about it, and it costs more, and it's more obvious that they're doing something nefarious, right, or suspicious rather, if they are have this huge influx of data being pulled at their house because they're running a node.
Right? They're downloading the blockchain like that. Those are things that they worry that their government will be more keen to than using some mobile wallet, right, in a light light wallet mode. So, like, when we talk about that and and even, like, you know, you can you can extrapolate to anybody that's, like, you know, an uncle Jim. It that's a threat model. I don't care. Like, you we can say whatever we want. Uncle Jim's great, but is it a threat model? Sure. If we're gonna play play the game, then play it all the way out. You know? Like, every like, your your idea is that, is that everyone like, every wallet should be ran by your own node only. Because if you're not saying that, then every other wallet is is also fucked.
[00:47:36] Unknown:
No. I'm not saying that. I'm saying you need to run a node if you want to use samurai in a way where the Chaumian blinding is not a larp.
[00:47:46] Unknown:
Is not what?
[00:47:48] Unknown:
A larp, l a r p. Sorry. My English accent is sort of off. So it's LARPing. Right? Because
[00:47:55] Unknown:
what they don't know, those other people, if they didn't have the chimney and blinding, which for those of you who don't understand, that is how, that's the coordinator, the blinded coordinator that's creating the transaction. Right? So and you you can tell that this happens in your Samura wallet. Right? Because after your your mix right? Before you mix, you have an IP address. After the mix, you it says you have a new Tor sorry. You have a Tor identity. And after that, you get a new fresh Tor identity after the mix. So what you're saying is that that tour or that coordinator is a LARP because it has it might have a user in that 5 person mix that is using a light wallet. That's that's the stance that you're taking?
No. Not necessarily. So you're just saying you're just
[00:48:43] Unknown:
And the coordinate hold on. I'll characterize it myself so that it doesn't get wrongly framed. I'm saying that having show me and blinding in a setup where you have to trust the coordinator with your ex pub in the first place, you're you're obscuring something, and you're revealing it at the same time, which is stupid. Why bother obscuring it if you're going to reveal it? Not every user is a light wall user.
[00:49:11] Unknown:
I'm not talking about the other user. It it has to go in for all the anyone that's putting in the input. Right? Anyone that's that is partaking in the mix has to get blinded. I guess they don't have to. Right? They could just choose to not have a blind coordinator. They could just have a a clear and obvious coordinator, but they clearly don't do that. Right? Because that wouldn't Oh, they're blinded from each other. It's blinded from them and from everyone. The only time that they don't that that doesn't correlate over, that that what my statement isn't true is for this case for the light wall because they see that the UTXO after. Right? But what you're what you're saying, right, is that why why do the the blind transact it's because not every wallet in there. They're not picking people. They're not saying, like, oh, this is gonna be a all light wallet, a samurai server mix.
[00:50:03] Unknown:
Right? So From the perspective of the user that is running a light wallet, they told me an element becomes something they just can't rely on.
[00:50:12] Unknown:
But, like, you're not I I don't understand your what your point is. Like, you're trying to say what? Like, that that the blind coordinator doesn't matter to these people? It doesn't matter to anyone? Like, I I don't think I don't understand because like, well, it uses mixed with Dojo users. So I don't understand your point. For the people that are using Dojo and Sparrow and all that because they are mixing with people that aren't really mixing or at least aren't getting proper privacy from their mixes. How do they not? See that you keep saying they're not getting proper this is where I I, like, get frustrated because you keep saying a proper proper privacy from the mix. They are.
They are. Until the day until like, you can come back later and tell me later on, like, I told you so because SamRack gets hacked. But until that happens, you gotta tell me how on the blockchain, how these people do not get privacy from going through Whirlpool, whether they're on LightWallet or Dojo. Right? They or Sparrow or whoever. They're all they're all mixing together. It's one liquidity pool. I don't understand why, guys I don't understand how in the immediate moment right now, there's never been a hack. Right? There's never been a hack. There's never been anyone arrested using Samura Wallet. There's never been anyone, like, taken down because they use trace through samurai wallet. So I need to know how this is an immediate threat model and that these people are right now losing privacy. They're not getting privacy when they're going through Whirlpool as a light wallet user because everything else that that if I look at any sort of Whirlpool transaction, I can't fucking tell if it's if it's a LightWallet or if it's a Dojo user. So I need to know how they are losing right now. Like, not not in the fairy tale situation.
Right now, how are they losing privacy? Because that's the statement that I have an issue with.
[00:51:59] Unknown:
Yeah. Sure. But, I mean, you're saying they've never been hacked, and I'm saying how do you know?
[00:52:04] Unknown:
Because if you don't think that Ceramic would have gotten hacked, number 1, we would have seen arrests. Correct? Why else why else would you hack a privacy wallet server?
[00:52:15] Unknown:
For the same reason you let people stay inside criminal organizations
[00:52:19] Unknown:
as rest. So just to sit there and and let them continue to make money. And, like, you don't think that after all of this, like, you really think that I mean, like, I gotta say, if you if you think that Samwise Wallet I mean, basically, what you're saying now is that Samwise Fed, That they're comp that you think that they're potentially compromised and that they would just continue to develop and operate as status quo. Right? I yeah. But then Guys, I think That's we've already
[00:52:50] Unknown:
insane. We need to pull this back because I think we've already all agreed that that you have to trust samurai to know that they're compromised and to admit that they're compromised. We we this is part of the trust model. I thought we've all agreed on this already.
[00:53:07] Unknown:
Yeah. I definitely agree with that.
[00:53:09] Unknown:
The I wanna I wanna bring it back to another real world scenario for a mechanic, and then we can continue. So you're you're you're an employee in Spain, and you're getting paid by your boss. You only have a mobile phone. You receive your payment to Samurais. You don't use your own node. You use Whirlpool collaborative transactions so that your boss doesn't know your spending habits. Is that an improvement over not having samurai like client mode?
[00:53:43] Unknown:
Yeah. Absolutely. Like, there are certain circumstances in which you're comfortable with a VPN knowing your browsing habits, but not your ISP. And that's exactly comparable to using Samurai instead of just doing everything on chain. I mean, when I say on chain, I mean, without any sort of privacy practices at all. So wouldn't that warrant the light client mode existing? As long as the risks are explained to users? Yeah. I'm I'm happy to walk back from my original, post on Twitter and say there are reasons to use it. Just like I would say there are reasons to use a VPN. I just don't want people thinking that using Tor is better than using a VPN. It's totally different. It's not, it it changes the whole model of what you're doing, and they are in different worlds even though they look similar. I think it I think the analogy holds up pretty tight. Like, samurai, like client usage, is like using a VPN. It crudely gets around stuff, but you're moving trust, to something else rather than getting rid of trust, which is obviously better. It would be great if we didn't have to trust samurai at all and still be able to use light nodes. That would I'm sure you agree, Zelco, that if you could use samurai without a full node and didn't have to trust them at all and not just go, they've probably never been hacked. Like, it would be a lot better if it was like, yeah. If they got hacked, it doesn't matter because they don't have any valuable information.
That would obviously be better. Right? I'm sure you agree with that.
[00:55:14] Unknown:
I mean, like, is there sure. Like, if there was no if there was no server and everyone you know, they had a different model, maybe. I mean, I would have to see what other potential options there are. And right now, there are no other potential options that serve the mass amount of users, right, to serve the people that can't that can't or don't run nodes, but still need privacy. So the until there's a solution that works, which, as I've already said, bloom filters would not work. And I know that SamRite Wallet would love for there be a solution for that not to be there. Like, they wouldn't develop the stuff that they have. They wouldn't develop Dojo if they wanted people to just stay on their server. Right? Like, it it's it costs more, right, for them to run a server and beef up at the server, add more, add more, like, like, hardware to their server, right, so that they can provide for all of these different people. Their server cost would go down if they didn't have to provide a server to people. Right? So it's better for them. They like that people run Dojo. They've always told since they released Dojo 1 point o, and I'm glad that I've been around since then, they've always wanted people to just run their node or to run Dojo.
Like, they don't want people to be on there. Everyone and that's why and you see it. Right? You see it because stuff is set up that way. All, obviously, all the warning signs. Right? But, like, then you go into, like, the actual remixes in Whirlpool. People who are remixing are generally who? They're generally people who are running a full node. Right? Because then you can just let it sit 247, and that's how you get those remixes because it's just running in the background. Right? If you have to keep it open on your phone, you're not gonna you're not gonna get mixes. It's very rare that people get mobile mixes, right, because of how big the liquidity pool is. So, like, to me, everything indicates that they want they they would love for a solution to be there that would actually work and provide the same level, same user experience that they have right now.
Right? I I can safely attest without being being, like, in on their team that, of course, they would want something that would work better, but right now, there isn't.
[00:57:30] Unknown:
Okay. So, first of all, I said it earlier, but we were talking over each other. I just wanna clarify. Bloom filters are old tech. It's different than block filters. But block filters, as it currently stands today, are too heavy to use efficiently on mobile. I think you both agree that if if you both agree that in certain situations, if the trade offs are made clear to users, the light client mode, the the ability for mobile users to to use transactional privacy tools to get additional privacy under a certain threat model, is valuable to certain users.
And then I think you both agree that in a perfect world, that light mode, that mode without a user using their own node would not disclose transaction information to samurai servers. I think you both agree on both those statements.
[00:58:36] Unknown:
Yeah. Pretty much. I mean, what, throwing back to what you said a minute ago or actually quite far back with your question of, you know, if it comes with sufficient warnings and stuff. I mean, I don't know, what the warning is on Samurai exactly, but my thought on that is that if the warning exists that says, oh, if you're not gonna use Dojo and you're going to you're going to trust our server, in doing so, if there's ever a breach on our side or if we're bad actors, the privacy you have here can be completely undone. I just don't that would be the warning I would put on there, but I just don't think I would never develop the software and put that warning on there and just go, should I just get rid of this feature altogether? Because the fact that it's so bad means I'm basically telling people not to use it. Like, that to me is a a a a fair reflection of what you're offered when you use it with a light client. And I think it's you say, Zalco, that they don't wanna be, hosting people all the time. They don't want people to be using their server. They want them to use Dojo. I'm like, okay. Great. Then we agree. Get rid of the feature that allows you to use a light client at all. You can't. Like, you you can't just get rid of something that negates out,
[00:59:48] Unknown:
like, potentially 1,000 or however many. The a mass amount of users who are using light wallet because they have to. Right? You're taking away people's ability to to have on chain privacy that we've already discussed, right, because of what it looks like, right, because of, you know, this this niche, potential, like, potential thing to happen, which which they disclose. So, like, I don't know. I I, like, I don't see why like, I I don't I don't see the benefit of taking away a tool from people who need it. And that's really what I mean is need it. Right? We have a lot of people who who try to who, like, wanna take privacy seriously, but they don't actively need it. And then there are people who need it. There are people who live in countries where they need financial transaction privacy transactional privacy. Like, they need it versus, like, I'd like to have privacy.
Right? So, like and I'm not saying I want everyone to be private, but, like, there are people who, like, life and death need need these kind of tools. Right? So you don't need So what so so as I've said as I've said, right, there are plenty of of other trade offs to running the node that's just as as risky as trusting Samura Wallet. They understand the threat. That's that's why people still use it. Like, if you think that, like, people who are in those risky situations will look at the trail.
[01:01:19] Unknown:
There. I'm saying that if privacy is that important, and I agree with you it is, it's life and death in some situations. The last thing you should do is be trusting a third party with that information. But it's not a third party.
[01:01:30] Unknown:
It's them. You're trusting the wallet that you're using. The wallet could be nefarious. Like, any any other wallet, like, I could use Not a problem. I could use the name of wallet. About the fact that people are using a binary that they can't reproduce and be build, pull from. Okay. So then we'll go to a different foot. Do we wanna transition to that one? Well, if you like, but it's a different issue. Sure. It's a different it's a different, you know, goalpost. Sure. Well, I don't know. Because, like, I've built it from source, like, using like, actually using the tools and built it from sources, YouTube videos of people building it from source and reproducing the actual, APK. And then there's people that actually understand how Google APKs work.
Right? And how the reproducibility doesn't mean shit. And it's a really stupid conversation to even be having, to be honest. Because if you really don't trust the the Google APK and you wanna use the the correct APK, right, you just go to their source. You check their, you do a checksum on, their actual release from their website, and you download from their website, and you check the code and make sure it verified just like you would for any other desktop wallet or anything else that you use. Right? So you could do that, and you would have the reproducibility that that you wanna complain about. Right?
And, otherwise, like, the like, this conversation is totally separate.
[01:02:50] Unknown:
I agree.
[01:02:51] Unknown:
Okay. Because reproducibility on a Google APK is the is the most bottom bottom of barrel thing, and it's been so over it's been so, such a shutdown conversation. Like, we've debunked that so many times. I've debunked this one so many times. It's it just blows my mind that, like, that that's why like, if if, like, my if my debate was enough and then we had to transition over to reproducibility, it's like, okay. Like, I mean, we can we can hit all the fun. I don't care. I've I've been doing this for a long time. But just understand, like, the reproducibility thing,
[01:03:31] Unknown:
is I I'm not saying
[01:03:33] Unknown:
and led by a person who has a personal vendetta, like, against against Samuari in particular. Right? But,
[01:03:42] Unknown:
it's old FUD, debunked FUD, and it's not even, like Right. Again, I wouldn't characterize my position as, wanting to throw FUD, and it comes as disingenuous and hateful and all that stuff despite my original tweet. What I want to do is love it and encourage people to use it, and I'm close to being able to do that. There's one feature that I think is doing more harm than good that if it could go, would be a net win for privacy in the whole thing. Like, I'm Yeah. As I said, let me like and celebrate a bunch of the decisions made in the development by samurai. I like, Sparrow. I like your project running Dojo. I like these things.
What I have an issue with is one element of it and how it's characterized. And you've impressed upon me over and over again the life and death, the importance of privacy. And I'm saying, exactly. If privacy is that important and the difference can mean your death, then you can't ever tell people unserious solutions that might have an issue. Like, you need to be as forthright as possible. Like,
[01:04:39] Unknown:
there's no Which which they are. So the I mean, that they are that forthright. Like, that is that is well, like, I mean, that you can have your opinion, but you you've already said that you haven't seen the warning. You haven't seen any of the pop ups. So I encourage you to, you know, download the wallet, start a new wallet, try to connect to their server, and see all the all the warning signs that come up, in addition to the fact that there's, you know, been 0 arrests or 0 issues with any of it. Right? So, Yeah. I I, like, I had a I had this point, and then you threw me off with that last one. But, yeah, I'm I'm just still kinda baffled by the fact that we think that it needs to be a node backed only, because it it doesn't take away from anything that a third party sees. Like, it just a third party would need to actually have the information that you're talking about.
Right? I want everybody to run a node. I hope everyone does. But, it's it's just like you said, it's it's not something that can actually work in all the countries. It's things that in other countries running the node could be the thing that gets you compromised, right, which we don't we like, you keep passing over. Right? So what do you tell those people? Like, that their their Internet, usage is is, what's called, monitored. What do you tell those people? Sucks and suck?
[01:06:11] Unknown:
No. I'm not saying that samurai with a light client doesn't have a valuable,
[01:06:16] Unknown:
place for people. But you can't use the the tools?
[01:06:22] Unknown:
Yeah. I don't have a problem with people. The their threat model is if I run a node, I'm in trouble, but I need privacy anyway. Then, yeah, their best bet is likely somewhere with a not like client.
[01:06:35] Unknown:
Okay. So, I mean, that it's exactly what I've been arguing this whole time. Yeah. That I don't think so. People need it. Some people don't have a choice, so you can't take away. No use case, Zalco. I'm saying that
[01:06:48] Unknown:
just like using a VPN to get around geo blocking, it's not the same thing as using Tor. They're they're just not the same.
[01:06:57] Unknown:
Okay. So so now Samurai with Zoho is Tor, and samurai wallet is a VPN?
[01:07:05] Unknown:
Yeah. I really think that analogy holds pretty tight. Oh, by the way, this douchebag who just asked, sorry. That's his real name. Is Ronin Dugger available in the Start nine marketplace for one click install? I'm sensing some underlying tension here perhaps for business reasons. There isn't this is a I should say really clearly, I'm not talking for start 9 here. I'm talking, on behalf of just myself, and there are people in the Start 9 company that actively really like Dojo and want it as a part of the Start 9 stack. I don't know if it would make it into the official marketplace that we offer, but, you know, it would definitely be available in the community marketplaces that are, I guess, coming.
[01:07:45] Unknown:
Yeah. There there's no, business tensions, to be honest. If there was, there'd be there'd be a whole another thing. But we had we had that note debate before.
[01:07:58] Unknown:
Someone else was in online.
[01:08:00] Unknown:
Just to be clear to the podcast listeners, that that was that was a freak named this douchebag on Twitch that he responded to. I just want everyone to be aware of that. Yeah. I wasn't I wasn't a reminder to Velcro.
[01:08:14] Unknown:
Someone will talk to you as dot 9 open source. Depends on how you define it. Some people say technically No.
[01:08:21] Unknown:
Don't do it. Don't do it. Don't do it. Just say no. Just say no. It's okay. It's okay. We've been doing that help. Just don't
[01:08:29] Unknown:
I'll tell you that it's this is what's good available, so you don't need to trust any of the buyers. Available is not there. It's not it's not fully frost, but it is on a rolling window. So every few months, all the releases become full frost.
[01:08:44] Unknown:
Yeah. That's so it's not yeah. Okay. So I have Wait. We're not having this debate right now.
[01:08:49] Unknown:
If
[01:08:50] Unknown:
was not we had a very long conversation about this until dispatch 26. If anyone listening wants the answer to that question, just go back to Citadel dispatch 26, and it was very
[01:09:03] Unknown:
Yeah. Every different we have. But I'll tell you matter of factly what's what exists, which is the source code exists. Go use it. We'll help you build if you want. If that's not good enough for you, fair enough, but it it is what it is. I'm not trying to misrepresent it. Yeah.
[01:09:17] Unknown:
Yeah. It's
[01:09:19] Unknown:
okay. Great, boys. Look. I think I I I think everyone here is more or less on the same page, and I don't know if going further really is productive at at all, unless unless you guys have something specific you want to touch on here. But but my my understanding here after this hour is mobile privacy tools are are useful to users. It's good that we have mobile privacy tools. Some users aren't gonna be able to use their own node. Going forward, it would be best to minimize the amount of trust in any company when it comes to using those tools. But right now, it does require trust in Samura.
[01:10:05] Unknown:
Yeah. So good, better, best. Right? Like, good, use Bitcoin. Better, use Sami Wallet. Best, use Sami Wallet with, with your own Dojo. Right? Like, I think that's pretty straightforward and, and easy to to digest. If you really don't trust all that stuff, right, like, then run your own. Like, it's it's really that easy. I've like I said, I only had an issue. I I mean, I have I I don't mind. I want people to run full node. Like, that's why I've I've helped other node projects. I've done a lot, and I've I always wanna harp on that. But the reality is that we need to, we need to provide tools. We can't leave people out just because, and people are going to make their own decisions no matter what.
It's important to remember that, you know, there's never been any any arrests led from a Whirlpool transaction or from a samurai wallet user that's been reported. Right? There's there's never been people, like, found on mixing their nodes, anything like that. When there's an issue, there's something that's been disclosed. Right? And and so when it comes down to this, like, some people need it, and we're not gonna take away like, I would not advocate for taking away a tool, to people that that need it, and they need to only use a mobile wallet. And then, you know, on top of that stuff, like, it's it's great that Sparrow has it as well. They also if they're a Lite Wallet user, or let's put it frame it I'll say light wallet. They don't have their own node, but they still use Spare Wallet. Right? You're still trusting a node to have have your information.
So it's just important to to keep all that kind of stuff in mind that there's a risk trade off with everything that you do. Understand the risk, and figure out what's best for you. Right? And, you know, if if you find that you don't wanna trust Sami Wallet using a white wallet only, great. You run run-in dojo. You can run it, you know, you can run it on whatever device that you, you you know, whatever single board computer that you want, or you can buy a Tanto or whatever that that we have available. But, ultimately, on chain, no one can tell the difference between someone that got a mix as a Sparrow user, a Samurai user, or a, or, like, a, run a dojo user. So, what it comes down to is what does the blockchain say, and are we are we protected from chain analysis and law enforcement?
And that answers yes. So use the tools. That's that's definitely what I would have I would have to say with it. And if you really don't trust any of that stuff, use the stonewall stowaway. We had a good time doing some live demos at Bitblock Boom. So, you know, use the tools. That's what's most important.
[01:13:18] Unknown:
Should I, sort of give a summary of my position? Yes. Yeah. So I think we're seeing a lot of, attention from law enforcement now. Obviously, the the debacle with Tornado Cash was sort of a a wake up call for a lot of people. Like, a lot of developers sort of, if you read between the lines, said, that's it. I'm not working on Bitcoin Core anymore. And, you know, you make the assumption that they might come back as anonymously or something like that. It's not as if we don't have good precedent in this space for, if you're going to develop controversial software, do it anonymously, like, I mean, Satoshi, obviously.
So that being the case, don't paint a target on your back if you are with the best of intentions and a good actor, like in the best case, so now, samurai is. The fact that they have this data or they have the potential to keep hold of the records of that can unmask some of these not unmask to be phonetically correct, just to undo the effect of the coin join as a separate issue from then connecting an identity to the whole list of addresses you get. If they have the intention, and they certainly have a history of doing stuff like this, law enforcement, I mean, don't give them the opportunity to do it. And I'm really sure that this is encapsulated well with the adage of can't be evil is greater than don't be evil. Like, you don't want privacy policies. Like, is is someone gonna come out with a statement saying, we we promised to not leak your I mean, they effectively have. So I'm saying, I think that the the trade offs for this thing existing, I while I do acknowledge, the use case that some people have that can't afford to run nodes, I think it's pretty niche, to be honest, that running a node would get you in trouble and that somehow using Samurais, with a light client somehow gets you around that.
I mean, we're talking 500 gigabytes. It's not a lot. That's like a couple of days on YouTube or Netflix. Like, if you're connecting over Tor, you should be alright. And given that you need Tor to use the summary thing in the first place, then I don't really actually, I I think I'm gonna take that back. I don't think I appreciate that there are, use cases for using samurai in light mode, because you can't run a node without getting in trouble. I don't really think that's a valid argument. So, I take back that olive branch. I think I'm just gonna say that I think the effect of it existing, if we love samurai and and appreciate the team, they are just painting a target on their back, and we know that controversial software like this, attracts law enforcement and gets people in trouble all the time.
So don't do it. But given that's not really my position, I don't I don't think that. I think that, potentially, it's a lot worse than that. That means I would just advise people, let's not use, you shouldn't use samurai in a light mode at all. And the fact that it exists, makes me question, a lot of other things about the project as a whole. And it's not like every project in the world or any project is perfect. There's going to be compromises in the design of everything or just the sort of political choices. Like, wasabi is obviously compromised in a lot of people's heads just because of the choice they made to comply with law enforcement.
So, remember that. Yeah. That's pretty much my position on it. I would advise people not use, I would advise people not use the like client because I don't think it's serious privacy, and I would advise people not use, other things, where they use samurai without relying on samurai servers, because in those instances, they are mixing with people that are potentially, leaking their xPub, and thus, the coin joints become something that can be partially or fully undone, which, gives them, a far weaker assumption of privacy than if they were to use something else like joint market or Wasabi.
[01:17:13] Unknown:
Man, I knew that one was coming. Hold on real quick. So, again, it's not been any so I I just, like, I fail. I'm not like, I wanted to end with this, and I'm sorry, Matt. But, like, I fail to see how anything's being unwound. Right? Or people are losing privacy by mixing with with, semi server people if there's ever been a hack. There's never been any people getting arrested, which you would see if there was a hack. You'd see people getting arrested. You would see things happening. You would see any shit in the news. Right? Because that would take down their monetary, their financial means of of maintaining themselves. It's okay. You should still assume you should still assume. You can you can assume that that everyone's salary will be compromised. Sure. At some point. Sure. Sure. You I mean, you could you could assume that. That's fine. It's a safe assumption.
Sure. Yeah. Yeah. But, like, it it still goes back to this, like, point of, like, when, one, like, you mentioned, it's better for people to use Wasabi Wallet, over Standard Wallet. 1 works with like, openly works with chain analysis, and has terms and services. Does it they will they'll they'll work with law enforcement, versus one that doesn't even have a terms and service. Just use it what you want or fork it and do whatever you want with it. Build it from source. Do whatever the the hell you wanna do. And has implemented all the tools to make it so that you provide no no information to them.
Right? The minimal amount of information possible. And then on top of that, I I fail to see how that unwinds people's mixes, and that's only in this fairytale situation that something bad happened and that whatever. So, like, I I just, like, you know, I figured we that it would shift into that. But, like, to to think that, like, the the majority, right, the majority of a mix is to even think a majority of the mix is,
[01:19:20] Unknown:
is light wallet users is pretty silly. Yes. I question the one. I can't juxtapose or reconcile these two things. On the one hand, sorry to drag it out. On the one hand, I'm saying you're telling me that privacy is life and death, and on another hand, you're saying a real situation that could compromise the privacy is just fairy tale. That's the thing where I'm like, I don't think you're being serious about the risks that you're trying to impress upon me.
[01:19:45] Unknown:
No. I'm saying that, yes, like, there is, like, privacy in other countries is life and death. Right? And you're talking about a situation where those people, right, need to figure out a way to transact. Right? They have to. Right? That we're we're talking about people that are in, you know, in banned countries or whatever whatever you wanna call these these other places, right, that are in 3rd world countries that have horrible dictator like leaders like, horrible dictator like, state government. And they're supposed to be more concerned with, with a server getting hacked, which, like, you you're talking about any of these other KYC services, anyone that has any sort of actual information that they wanna go for for a samurai, which sure. They they maybe they have a a target on their back.
Right? But you're telling me that that they're gonna go for that. They have no other information, but they're gonna go for the place that has doesn't have any information other than, like, the actual expos, but there's no PII that connects to them. Right? So why I say it's a fairy tale thing? Is it because people in the moment need to do what they need to do to to, like, either survive or transact the way that they need to in that moment, and they need to do a privacy. They need to do it privately. Right? That's why the initial mix in that, like, fat that first one is almost always fast, right, depending on how many people also try to mix. But if it's a smaller pool, you're probably gonna get that first mix instantly. You can do it on your mobile phone for that reason. Right? Because Bitcoin's for the streets, and these people need to operate right there so that they can continue to go forward. Now remixing is normally done by people who have dojos running 247. So there continues or their Yosin Sparrow or whatnot, and they have their computers on. They're running 247, so they're gonna continue to get remixes.
Right? So maybe one of those people are gonna be a semi light a light user. But I I say that this is a a fairy tale thing because it it's not like, it's something that in the moment, someone that isn't someone who needs a transact isn't gonna give a shit about. And I know that because I've talked to many people who don't care. I've talked to many people who don't have the means to to do the node thing right now, and they're like, I just need to transact. I wanna do it privately, and I need to make it happen. Right? So they can use it. They could use the same amount for one transaction if they wanted to. Use it, mix it, send it. And how how you're justifying that I'm making this into something that's not life or death, I'm just saying that this this theater that we're creating is, something that doesn't apply to real people in real life.
Like, it's something that they are willing to accept. Right? They know what they're doing because they're already trying to act privately. They're willing to accept it. Right? And they're doing it. And by saying, like, oh, well, like, you don't care or you think it's a, you know, a fallacy that I care about, you know, people using server. I want people to use a server, but or I want people to run their own dojo. But, honestly, like, if they know their their, threat model and they're willing to just say screw it, I'm I'm gonna accept the risk that comes with trusting SamRite Wallet. Since I'm already using their wallet anyways, I'm gonna trust their server, and I'm just gonna make this happen because I need to do this transaction.
So, yeah, I'm saying in terms of, like, real life people, it like, this theater is maybe fairy tale was wrong word. This theater. Right? It's that's why I said it's it's like white knighting or, like, white knighting running a node. Like, I mean, like, I could preach all day about running a node, but, like, it'll probably help my, you know, run a dojo sales. I don't give 2 shits about that. I care about people being able to transact. I want people to be sovereign. I don't want people to use server. I want everyone to do all the things that are necessary to be a private individual. But if you need to do it and you are willing to accept those, you know, that trade off, you're still gonna have, immediate you're going to have immediate unchanged privacy, right, from a 3rd party observer.
Is not a 3rd party observer if they're your node, right, just like with any other node. So, I, yeah, that I I figured that that was gonna happen. I didn't think it was gonna happen. You were gonna bring that point up at the last point on your closing statement, but, like, it's pretty disingenuous to think that you're gonna unmix everything when you have the the vast majority of remixers are, are dojo users, so or Sparrow users.
[01:24:26] Unknown:
Yeah. But, I mean, well, Sparrow is, like, an onset of 5. Right? It's not it's not a lot of effort if, you know, if a couple of those people are using like clients and summarize, then whoop dee doo, you got a coin joined with an an onset of 3. Like, that's I'm not exactly sleeping well at night. So you don't
[01:24:49] Unknown:
so I like, this is a whole another conversation. And, again, kinda like when I and I didn't mean to be an asshole, and I don't mean, like, when I said, yeah, you're out of your element. You're out of your element. Like, if you don't understand how Whirlpool works and how forward and backwards privacy works, the end of the debate isn't the right time to do that, but you continue that's that's why they we encourage remixing. Right? That's why we don't say mix once and leave it. Right? If you needed to and you just needed to break immediate ties and spend immediately, sure. Like, you've broken deterministic lengths.
Remixing is better. Remixing will continue to be better. And it you gain privacy whether you remix or not. If you don't understand how remix it like, how forward and backwards privacy works with Whirlpool,
[01:25:39] Unknown:
Mhmm. There are many articles on how it works. Increase the onset. I'm just saying that if you use it at the minimum, it's not particularly comforting.
[01:25:47] Unknown:
I'm aware that you can continue to engage in more Comforting to you. Free. I'm aware that you do that. Sure. Comforting to you. That's again my point. You keep framing these things and these, like, statements as if you are the end user for all these people. Like, you are not you are not necessarily the end user. Like, unless I'm not. I mean, do you but, like, are you in a, like, a a third world are you in Iran or a third world country that you have to be worried about this? Probably not. You know, it's somewhere we're at Right? But you're not in a in a country that has to worry about that. Right? So one mix might might be enough for someone in one of those countries. And if it is, then they're gonna do it, and then they're gonna move. They're gonna make their transaction
[01:26:27] Unknown:
and carry on with their life. Well, funnily enough, country that a lot of people got in trouble for donating Bitcoin specifically to a controversial political movement. I mean, I e Canada. But, I mean, I'm not trying to play I'm not trying to win some competition for me being the most oppressed or, like, win a a victim hierarchy thing. Like Yeah. My point is that I agree with you that these people are I mean, okay. I've made this point too many times. Matt, do you wanna read Shinobi's tweet at you? That was kind of interesting. I haven't Christ. Shinobi Shinobi say? He said, why is online not implemented a scheme where Postmates XPub is never revealed to their server.
You never receive money to Postmates unless you sign a transaction yourself where you can just locally case that UTXO and never need to query the server. It's a good question.
[01:27:22] Unknown:
Why you can't, I'm sorry. I just, like, can't handle fucking anything that Shenobi says because he's just off the off the rails 99.99% of the time. But Wait. So we're gonna something where they don't see the expo. If you don't have the expo, right, for post mix, how are you going to refresh someone's wallet? How are you gonna shoot them their balance? Sorry. Could you repeat? If someone so, like, even if I'm on my dojo, right, I run my own node, same thing that the semi semi server. Right? If I if we have some scheme where it doesn't give the x the post mix expo, how are you gonna refer how are you going to give them, how are you gonna show in the wallet that you have a balance?
[01:28:09] Unknown:
I think, that's not the issue. It's just why even take that, unnecessarily take that XPub in the first place? You could just literally not take it, and it wouldn't it wouldn't it doesn't affect Samura's ability to do what Samura does with a light client
[01:28:24] Unknown:
if you never take that info in the first place. And then all your arguments remain valid, and they just have less data. Which doesn't make sense. Like, again, you can't, like so you're saying use a light wallet. Right? Use the you connect to their server. They would only have your deposit, x pub, but they wouldn't have your your pre or your post. But they're still supposed to have all the same like, be able to transact the same way. How how could you transact with a constant to 0? Shinobi is saying Shinobi is saying
[01:28:54] Unknown:
you have you have the premix XPub, but the postmix XPub is not shared with Samurais servers because if you're sending to post mix, you're sending to yourself. So the server wouldn't necessarily need that at time of of receipt post mix. But I I think I think How does it how does the wallet I think when it the the issue really comes down when it comes time to spend from the post mix.
[01:29:25] Unknown:
Oh my god. I can't even this is why I don't we can't, like, even You would need to know your balance and to,
[01:29:32] Unknown:
broadcast. But I guess you would you can know your balance presumably. You can know your balance presumably because you know that for the post mix. Yeah. You just can't spend from the wallet. Look. I I think I think that's that's you know, I first of all, I appreciate Shinobi participating in the show. I wish you would join the live chat that the show has so that we could see it on screen. That'd be all. But, I I I think you both agree. I know I agree with this statement that the less information samurai knows, the better. Mhmm. And my understanding is that they're trying to know less information over time.
[01:30:15] Unknown:
Yep.
[01:30:17] Unknown:
They're just not there yet. And I I personally I know I'm not supposed to be a part of this debate, but I personally would like to see more privacy focused tools for Bitcoiners, specifically on the mobile side. I think if you're on desktop, you have decent options right now. If you're able to use your own node, you have decent options. I would like to see as many mobile options as possible, and we just have not seen that yet, unfortunately.
[01:30:47] Unknown:
Yeah. I'd argue the trade offs with mobile are too severe for them to be,
[01:30:52] Unknown:
taken seriously. That's all. I don't But this is what like, I had I had wax mechanic. I had I had waxwing and belcher on, and they said if and I think a lot of Bitcoiners agree with this. If you wanna use Bitcoin privately, you shouldn't use a mobile phone. But the the matter the matter stands that there's gonna be 1,000,000,000 of Bitcoiners that their only computer is a mobile phone. Like, we keep talking about, like, the 3rd world or something, but, like, the same goes for, like, someone stacking with a KYC service like Swan and withdrawing it to their mobile wallet. Like, there needs to be mobile privacy tools, and they should they should, you know, take the least amount of information possible.
A a company should have the least amount of information possible when they're running it.
[01:31:39] Unknown:
I I think I would just reframe it slightly to it would be great if we could have mobile privacy tools that did what we want them to do, and it doesn't really seem to be realistically doable. Like, it's not like there's any competition because it's just basically, every team has come along and said, yeah. You can't do proper coin joints on mobile. And Sunrise said, yeah. You can. You just have to make this trade off. And I'm saying that's a bad trade off. Too bad for it to be something that I would recommend anyone ever use.
[01:32:09] Unknown:
I am, like I've already beat, like, this issue and to, you know, feel like I'm beating a dead horse if I continue to respond to the like, it's, like, recommending it to people or not. Disagree. Yeah. No. I mean, like, that's fine. Because, like, like, going through waves of stuff. But, yeah, I mean, I would love to see more more wallets utilizing it. And, honestly, if there when the day comes that there's a better way to support light wallet users with less information, like, you can guarantee that if it actually works the way it's supposed to, like, it'll be here. Well, I mean, it's actually real There's not. You know, there there's not a good way. Like, we've already kinda There might be. Touch on it. I mean, you've got Trezor integrating with Savi. Right? So you can run Trezor as potentially a You're not talking about a mobile wallet.
[01:33:06] Unknown:
No. I'm saying, that, Trezor can release something that can just as a mobile wallet, then can connect to their suite or whatever. There are ways around it. The the one And their suite is their own server, so, like, I No. No. You can't no. Trezza can connect fine to your own node, and it can do over Tor as well if you want.
[01:33:24] Unknown:
Why would why would you do that? Like, why would you even, like, have someone recommend doing that? You could just use Sparrow. If you're gonna talk like, I like, I just like, that's such a shift. Honestly, like Yeah. I realized that. Not there's not a bet like, there's not a better way right now. That's bad. That doesn't involve someone running their own node, which is exactly what you you just said. They were run they would be running their own node, or you're running a mobile app that's connected to this the treasury suite, which is connected to either your node or their node. It's still connecting to a node, and it's still Well, that's going back to a full node. That's true. Let me be clear. You still need to run a node, today,
[01:34:02] Unknown:
but you're still able to run a light client on your phone.
[01:34:05] Unknown:
Yes. I'm I run a light client on my phone right now, and it's saying my wallet. Right? But it's connected to my node. So, like, that's exactly what you just explained. Yeah. Right. Like, until there's a better way to run to, like, architecturally set it up so that light wallets only get, like, whatever information until something is, like, concrete out there, like, there's no reason that I would recommend, to the semi team to do away with and abandon their users that might need the tools. Right? Like, that's you can disagree. You can disagree and say, like, whatever. Like, no. They're they're larping. I I don't care. I know for a fact that there are people that use this because they need it, and, like, they don't care. Like, they don't care about that trade off. They're willing to accept it. So to just take it away now if there when that when that, you know, ability comes up, you know, to be able to do that and not have a central server, I'm sure Samara will be very happy to, like, not have to run their you know, decrease their server costs.
You know, but the you know, these, like, fairy tale fairy tale ideas of, like, some random solution that may or may not be plausible, you know, like, until someone writes some code that makes it that makes it sound concrete to something that actually would work, I wouldn't recommend just taking away tools from people just because, someone sees as a threat model, which Samurai also sees as a threat model, which is why they explain it to them. So, yeah, I like, people can disagree. People can, you know, say, like, you know, just samurai, well, it's great. Just use it with use it with a dojo. Right? Like, go for it. Right?
Yep. Very com But, like, just just understanding, like, how you how we say things is important. Like, saying, like, if you use Sam Rylie Wallet, you're retarded or saying which, obviously, you're you're trolling, but, like, going just continue to dive down into it or saying, like, you don't trust them because they have that model, which I explained is because of, you know, the history behind it, user activated soft work. You needed someone you trusted if you were running a light client. So understanding these threat models, understanding, like, you know, why there's why they're set up the way they are. And until something better comes out, they can't just take they they should not just take away the tools from people that need to use them.
And, like, 90% of the users are gaining privacy because they they care about privacy, not because they need privacy, but taking away from the 10%, you know, that actually need it is important. And I don't think we should be just taking it away, and they can accept the risk that that they've been taking. And, you know, you might disagree with them, but they're the ones living living that life, not you. So,
[01:37:15] Unknown:
yeah, it's kinda work. Yeah. I wouldn't I wouldn't disagree with their ability to choose. What I disagree with is, the assumption that they understand the risks they're taking.
[01:37:27] Unknown:
Okay. So
[01:37:29] Unknown:
we'll change the goalpost, and we'll Well, no. I don't think it's necessarily I don't think that's necessarily a goalpost shift. I mean, I think that's something that I I cared I cared a lot about, and I was really glad that samurai implemented the warnings in the wallet when you load it up. And I I don't know of any other I don't know of any mobile wallet, which are all primarily light wallets that actually notify the user when they boot them up that, you know, if you use this without your own node, you're screwing our privacy up.
Yep. I, or that you have to trust that you have to trust the company with your privacy to be more exact. I have a question for you, mechanic, because I'm a little bit of a masochist, and, I'm curious of your opinion. So, and when I say masochist, it's because I don't know. I feel like this conversation is is gotten a little bit tedious. So Sparrow, it's you know, so Sparrow is developed by Craig Raw. He's the lead maintainer. It kinda made a you know, it came it kinda came out of nowhere and has been it's it's my favorite desktop wallet now. He made an interesting trade off decision.
It's often compared to Electrum in in in its capabilities, but he made a different so with when you boot up Electrum, you don't connect it to your own node. It just connects to a random Electrum node. And a lot of a lot of people speculate that random Electrum nodes are run by chain surveillance companies and potentially governments or whatnot that are trying to track you. So people advise, you know, use your own Electrum node instead of using one of the defaults. On Sparrow, if you don't use your own node, which he makes it very explicit in the beginning when you're setting it up. It's like, do you wanna use a public node, or do you wanna use your own node? If you don't use your own node, he gives you a drop down of 4 4 choices that are not run by him.
1 is Blockstream, 1 is MZ, one is Bitteroo, and I forget who the third one is. But he gives you an he gives you 4 choices. Luke Childs. Was the last one? Luke Childs. Oh, yeah. Luke Childs. He gives you 4 choices not run by him. Do you prefer that over just defaulting to, in this case, Arrow server? Giving you other options? He gives he gives you, like, curated Right? He's, like, you know, I'm not gonna connect you to a random Electrum node, but your Yeah. To clarify semi trusted ones that are run by members of the community. Can you clarify if what the default is with Sparo? So with Sparo, when you load it up, it, like, goes through the full trade off model. It's, like, if you use a public node, if, if you if you use your own node, like, it gives you, like, a full explanation, and then it asks you which one you wanna use.
And then if you click public node, it gives you a drop down of those 4 nodes, or you can enter a different node.
[01:40:26] Unknown:
Yeah. It it's actually really hard to criticize that. I like that model, and I think it's actually better than what Electrum does, which is the default. Like, you had, JW, who I tend to disagree with literally everything he says. But, one time he was criticizing Coldcard for having in their instructions a way to use Electrum, and he said this means it's all spooky, you know, government project because the default for Electrum is that it connects to a bunch of Electrum servers, which you just alluded to might be chain analysis servers or whatever. And, you know, that's the thing I don't like about Electrum. Like, my my favorite, if I can riff here a bit on what you said, my favorite wallet, really, no endorsement or no no financial incentive on my end is, Specter, because you just can't use it without a node. But, of course, I know that you're gonna disagree, Zelco. That that's a good thing. Like, users should have that option, but, I I like the fact that you can't. I mean, so when it comes to Sparrow, Craig was, like he's sort of hostile towards Tor.
Maybe he's not so hostile anymore, but
[01:41:29] Unknown:
none of the time outs Well, Arrow has Tor built in. The reason he's hostile is because he has a ton of support requests that, you know, it's because Tor is unreliable.
[01:41:38] Unknown:
No. He also said it was, even in ideal circumstances, it's just less good than, I think, using your own Electrum personal server. I can't remember the nuance of his argument, so put an extra the connects to that. The argument, I'm pretty sure,
[01:41:52] Unknown:
is is that if you're if you're running your node at home, you don't need to go and connect to it through Tor. You can just connect to it through the local network because why are you adding that latency and failure rate for for no no privacy gain? Right. Well, that's totally valid. I thought he had another issue with it, but I might be misremembering. One of the cool parts about Sparrow is that it has Tor built in. So you can paste, like, the Tor address of your Electrum node in, and then wherever you are in the world, you can use your own node by just pasting in that Tor string, and you don't even have to install Tor separately. Yeah.
[01:42:26] Unknown:
Yeah. I'm I'm gonna say that in response to your question, I I think it's hard to criticize Sparrow. It's a really good project. It sort burst on the scene and became everyone's favorite immediately, and there's pretty good reason for that. Maybe I'm just stuck in my ways, but I respect to Fanboy. Okay. So
[01:42:43] Unknown:
this is the where the masochist part comes in. So users using Sparrow chooses the Blockstream node, and then does a Whirlpool transaction, does a collaborative transaction, CoinJoin. Do is there a benefit there?
[01:43:03] Unknown:
Potentially. There's a trade off, in the presumably, they're not running their own node. Otherwise, they would've used it, and they can't make the same assumptions about their privacy as they could if they were using their own node.
[01:43:19] Unknown:
But isn't that that's it's a similar trade off. It's just a different entity you're trusting. Instead of trusting block instead of trusting Samura, you're trusting Blockstream in that scenario.
[01:43:28] Unknown:
Yeah. Like, this is the sort of maybe something I've hinted at or just said a few times in this, debate, which is moving trust from what that's why I keep using the VPN analogy. I think the VPN analogy is a great analogy, by the way. That's how I look at it. I appreciate it. I actually think,
[01:43:45] Unknown:
and the samurai guys have said this themselves that that any centralized coordinator model is is not, you know, you you have to trust the coordinator to a degree because they can civil attack you at minimal cost. The civil defense on a coordinator is is in a low transaction fee environment where mining transaction fees aren't high, there's there's no civil protection from the coordinator itself. Yeah, man. There's just so much that works really well. I've yeah. I appreciate that because it does hold quite tight, I think. I just think VPNs can be useful if they're explained if the trade offs are explained well. That's basically where me and you disagree at the at the least.
[01:44:27] Unknown:
No. No. I think I think it's legitimate to use samurai. I I think there are genuinely some bad design choices, but I will extend the olive branch and say that samurai does some great choices as well that pretty much no one else does. So I don't just wanna be a mindless hater with it. I I I disagree on this one sticking point, really, as well as maybe some other minor technical decisions. But, you know, I think I think that explaining those things and having people use it with full awareness has not been something like, we can say that people use it having educated themselves fully, and we can wash our hands of it and say, you know, if people people understand the trade offs when they use it, but that's, to me, just not realistic. People don't really do the research, and people just use default settings on things. That's, again, why I like Spectre because you can't use it unless you're running a node. Like, everyone running Electrum you know, running an Electrum personal server is hard. Right? It's it's a difficult thing to do. And if you're using a node like Umbrella or or Embassy, you know, you've gotta connect to elect RS or something like that over Tor, and, man, it's just it's pretty much unusable. Right? Like, to to use your note that way and, like, on paper, it all works great. But in reality, half the time, your Electrum is gonna be saying it's not connected.
[01:45:46] Unknown:
And you just you know, you need to do a transaction now or whatever. We wanna talk privacy trade offs. What's interesting, Mechanic, is, and Craig was the one who brought this up to me, of Craig of Sparrow. So the the most common way of using Specter is you run Bitcoin Core and you run Specter on the same computer, and they basically automatically connect to each other. Sparrow has a similar feature, where you can run Bitcoin Core on your computer and you can run Sparrow on the same computer. If but he pops up a warning, and the reason he pops up the warning is because your your public keys are actually stored in Bitcoin Core, and Bitcoin Core doesn't encrypt them. So if your computer is compromised, the all the address information in Sparrow is encrypted, but all the address information in Bitcoin Core isn't, and it can be compromised in that regard. And that's why he likes the Electrum server model that because you have you have the computer that is maybe more of a multiuse computer that doesn't have all that sensitive private information unencrypted on it.
And then your node doesn't actually have that information on it either because it's just getting pinged all the time by the client. I thought that was interesting. I never thought about that until you mentioned it. No. That's a great point, and he's dead on. But it is really easy to just run Bitcoin Core on your computer with Sparrow or Spectre attached to it. And you don't have to deal with any tour latency or anything like that.
[01:47:21] Unknown:
Yeah. That's that's like the Ferrari node itself. Just like to have a great computer with 2 terabytes of internal solid state drive space, run a full node, you know, transaction indexing turned on, everything going for it I mean and run on top of it or Sparrow or something else. I mean, the the one the one issue, though, is that you run into,
[01:47:42] Unknown:
just trying to rely on core is if you have any sort of depth to your to your x pub at all. Like, post mix, whirlpool people, people who've been whirlpooling for any period of time, really, their ex pub their Prismix ex pub is gonna be lengthy. So, like, trying to and I've used Spectre before. I'm I'm nowhere near as much of a fan as you are. But I think that if you're trying to use that's why that's another reason why I know Greg likes, likes Electrum server model. Particularly, I know he's a big fan of fulcrum, fulcrum, which is amazing, is because of, like, when you're mixing, those, that gets deep.
And, Kordick can probably agree. I can see he said, Whirlpool been around. He said Whirlpool been around since 2015. I don't know if Whirlpool was around since 2015. I'd have to ask the guys. Definitely wasn't. Yeah. I was gonna say I thought it was 2019. But, you know, you you get some deep, deep, you know, wallet, you know, wallet depth in there. So you if you're trying to sync it up with core, like, that's not gonna work. You need some sort of indexer to speed the process up. And yeah. So I'm I'm not a fan of that. I I like the option of having the the Electrum server. If I'm gonna use desktop or if I'm gonna use, like, a hardware wallet, which I don't use anymore, but,
[01:49:29] Unknown:
would definitely be using Sparrow simply for that that ability to, To be clear, you can use you can use an I'm, like, 99% sure you can use an Electrum server with Spectre. I'm
[01:49:41] Unknown:
I'm thinking of the the time when I when we had it implemented, there was no,
[01:49:46] Unknown:
Yeah. Maybe you used to not be able to, and then they Yeah. Yeah.
[01:49:51] Unknown:
I don't know. The KYC stuff is what who got me out of that one. But, yeah, I I think that there's a lot of, there's a lot of space and room for improvement everywhere, but, ultimately, like, you know, that's why that's why I kept saying, like, the focus of of all this is not, needs to be directed to your on chain privacy, what's giving on chain privacy and what's not. And, you know, that that's really what this whole thing kinda comes down to. That's why the more frustrated I get, I get frustrated because we're you we're we're talking about things that are theater that that have not been an issue. And, like, could they be? Yes. Should you try to avoid using a, someone else's full node? Absolutely. I give talks on that all the time.
But that doesn't that doesn't mean that someone is stupid or shouldn't be, or if they need to, they can't use something or shouldn't be allowed to use something. What if what if there. The 2 what if samurai offered 2 services? 1 for people destroying like lights and one for You you must follow Shinobi a lot because, those are that's always his argument. Dojo won the pool, versus a light white light client pool, and there there's no there's no need to do to do that anyways. Right? Because they're blinded to those other people. Right? Just so they can't coordinator's blinded.
So they're blinded to the dojo and sparrow people. And then you take those out. Like, yeah, they're potentially, they seem to do stuff. But, like like, why why would you cut out liquidity? You would pay the run cut out the You would pay the running a notice if it doesn't work. There would be no point. There'd be no point to mix at that point. Like, it it's I I I I failed to see why people should have separate liquidity pools. I've never seen a good argument for it.
[01:52:01] Unknown:
Like, the good I make the argument. It's that people, if there if you agree I know you agree because you said it multiple times. It's better to do this stuff with samurai running a node than not running a node. The the thing that makes it better to run a node and worse to not run a node, can cross contaminate. I I don't think that's, an invalid assumption, in which case you could separate the two things, and then people using Sparrow and Ronin Dojo don't, compromise with any of the things that you're somewhat hand waving away. And the other service remains that you think is essential, that needs to exist, and which I can actually agree with. So why not do that?
[01:52:42] Unknown:
Why not? What? Because they're all the same. So they're all the same to the coordinator. Right? Like, why why would you cut why would you cut any amount of liquidity even if it's, you know, a third of it? Right? Why would you cut liquidity from people, who are trying to gain the privacy to hide with the crowd, right, that still get backwards privacy and, they get, backwards anonymity and forward anonymity, from participating in a larger pool. Right? Why would you cut that and punish people, right, who need to use the tool? Because that's really what it comes up to.
[01:53:19] Unknown:
But Just to tell you how true. The people the people who are using the light client the people that are using it without their own node would have would have lower anonymity sets in that situation. Significantly lower.
[01:53:32] Unknown:
Yeah. Yeah. Absolutely. That's a problem, of course. But, your your it doesn't seem consistent because, you're saying there's no need to do it because there's no difference in the privacy assumptions. So there's no point doing it, and it just lowers liquidity. Obviously, I get the bad part of doing it. It lowers liquidity for both sides, but, like, we can't simultaneously say that it's better to use a node than not use a node and that they're exactly the same for their privacy assumptions. Those they they those 2 I never said that they're the same. Like, I
[01:54:03] Unknown:
saying from a transact like, from looking at the blockchain, you're not gonna see it. Right? So that and that's that's what this is about. Like, that is what it it all comes down to is being able to observe transactions and make deterministic links and attach, by looking at the blockchain, attach, identities to, to UTXOs. Right? That that's what that's why people use privacy tool. That's why people coin join. Right? So I I don't see the benefit of removing, of removing that. Right? And maybe maybe 1 in a mix. So light light wallet user. But just
[01:54:53] Unknown:
Just to be clear here just to be clear here, if you're trusting the numbers from Samurais, which is big trust, obviously, there's no way for us to individually verify them. They say something like 70%, like, the overwhelming majority of people are using a node other than theirs, whether that's their own node, a friend's node, you know, one of those Electrum nodes we mentioned from Sparrow, they're using a node that's not the samurai server. So the so the people using samurai and light mode is maybe maybe 30% of the anonymity set. So to be clear here, in this situation, the the people that would be hurt the most from this liquidity split would be, you know, the less than 30% that are using, that are that are using samurai server that are not using a different node other than samurai server. It would it would be the live client users who would suffer significantly in that situation.
[01:55:57] Unknown:
Yeah. I agree. But on the other hand, the other people would benefit from not potentially contaminating what they're doing. And, I mean, you have this, potentially
[01:56:08] Unknown:
Yeah. Potentially in the event of, like, the catastrophic event that you're referring to.
[01:56:14] Unknown:
Well, I'm glad you agree that it's at least potentially
[01:56:18] Unknown:
possible. But then that would require those people to go through every single, like to like, they would have to dedicate their resources to trying to reveal and go through every single mix in the past 4 years and figure out ND and and and try to unmix all that stuff. Right? Like, sure. If that happens, it's it's bad. Right? I don't think anyone would would argue that if their server is compromised,
[01:56:45] Unknown:
it's would be fine. So to bring it back again, I think you both agree that the least amount of the liquidity pool that is using Samurais server, the better.
[01:56:58] Unknown:
Yep. I mean, they yeah. That already yes. That already happens. And and then when you're talking about remixes, like, you can almost guarantee that everyone that's remixing. So one only 1 of 2, potentially most that it could be is 2, and any given mix could be a light wallet. And everyone else is gonna be remixing. Remixing are gonna be coming from people that have something running 247, which means that they're 99% of the time going to be a Dojo user. Right? So yeah. And then you remix again. If you're one of those people that are concerned about, about, like, this, like, oh, a light I've mixed with a light wallet person. Like, one, they're not second class citizens, but I digress.
The the main thing is that you just remix, and then, and then what's got now your your chances of being with another person that was a light wallet user has now dropped even more. Right? Somewhat 1 third. And the mission maybe I was 1 or 2, continues to to get a smaller number the more that you remix. Right? Like, remixing it Matt. Avoid those things.
[01:58:05] Unknown:
Yeah. I would just jump in, on one mate, Matt, about, the statistic there about 70% being our node and 30% being,
[01:58:15] Unknown:
and the trust According to Samura. Yeah. Yeah. Yeah. I mean,
[01:58:19] Unknown:
unfortunately, the the incentive for them there is not to represent, well or to be optimistic there. I think we all agree that it looks better for samurai if Yeah. I think the number is mostly meaningless,
[01:58:31] Unknown:
because you have to rely on so much trust there. But but, yeah, gone. Yeah.
[01:58:37] Unknown:
Well, not to be upset, but if that number was way worse, like, only 20% of people are running their own node and 80% of people aren't, using Sparrow or using running Dojo with samurai, I'd be like, this is this is just doing more harm than Yeah. I genuinely would think. No. I mean, I agree with that statement.
[01:58:57] Unknown:
I would say that but logic logic wise, it it first of all, it go I think it goes to reason that the people that are the majority of liquidity liquidity are by people that are using their own new nodes because they're enthusiasts, and they're they care about it, and they're remixing 247. So it makes sense to me logically that the majority of liquidity would trend towards people that are using their own nodes. And then second thing is, ideally, we see more and more wallets implement Whirlpool so that their, you know, their light client users are using whether they're using hand selected Electrum servers like Sparrow or they're using a company's node or a friend's node or something like that, it further disperses it out over time.
[01:59:47] Unknown:
I yeah. That's that's correct.
[01:59:50] Unknown:
I think the goal the goal is to have the least amount of liquid like, as low as pot the amount of information Samurais servers hold should be as the least amount of information possible, if any at all. And the amount of amount of users that are trusting them when they're in these liquidity pools should you want it to be as low as possible.
[02:00:11] Unknown:
I agree. And I would what I would like to see is, a greater amount of awareness
[02:00:15] Unknown:
of the fact that there is a trade off in doing that and not that it's something that can be laughed at and dismissed and, oh, you're a green wallet fanboy and all that stuff. Like, I don't want I don't wanna It says that in the when you load on the wallet. It does say that. It says it in the wallet, which is something that we've said multiple times. That's why I'm starting to hand wave it is because I've said it multiple times. And you've already told me you've not used the wallet, so it makes it very frustrating.
[02:00:39] Unknown:
And it that's why I just start hand waving it because Well, I have I have used we've had it. A long time. I used Semerony when it first I used Semerony a lot in 2018.
[02:00:48] Unknown:
I mean, that's great that they have new they they have updated their stuff. Have changed since then. Is it they they haven't started a Fresh Wallet since then. Right? But, like, people understand that that's in there. And if you've been in since 2018, you've understood, like, what that they've preached and what that they've what they advocate for, right, which is running your own node. Right? People understand the trade offs. People who are using it that are active in the community understand the trade offs.
[02:01:13] Unknown:
Right? Then why then why do I majority of them. Time I have like, either the XPOP leaking is a concern or it isn't. And if I bring it up Leaking. What people It's not leaking. Leaking is is a is not the right term because it it's by default. Like, that
[02:01:29] Unknown:
it's designed that way just like any other wallet. Saying leaking is not correct. That would be making it seem like you're sending that's going to a different source, and it's not. It's like it's using the wallet the way any other wallet would, which is backed by a server, which, again, the reason that their server is that way, the reason that their wallet is designed that way is because of the user user activated soft fork and people having different nodes and running different stuff. They don't want people running BCash. So instead of that, right, they said, hey. If you don't have your own node, you can run ours. This is what we're gonna run, and we're gonna stay on the the Bitcoin core blockchain. This is what we're gonna do. Right? So, like, so that's it. It's like a a you hand wave that. So, like, just keep in mind, like, stuff is designed that way. And once that they've designed it in that in that manner, trying to completely undo, this this architecture that they've built the wallet on, which has been around since 2,000 I wanna say 15, is when the wallet came out. So you're trying to trying to hand wave out why why would you design something like that? Well, it was it wasn't 2022.
You know what I mean? Maybe they would do something different if they started from scratch right now, but they have users. They have people that rely on it, and there's a reasons that they do what they do. Right? There's a reason that it was set up like that, and it was because of, the user activated soft fork and people not knowing what to do. The question that was asked, I think Matt posted it on, on, Twitter about, you know, like, hey. Make sure you understand the the node rules and consensus because you can opt in and out. Right? So wallet rules apply to node rules too. If people trust me and you more than they do, being able to go in and verify, I mean, like, maybe if there's a user activated software again, what if we me, like, running dojo has goes one way, and then start 9 goes another. And but users don't know. They're just like, oh, I'm just gonna run it because, you know, I'm using their stuff. You know?
Like, it it's the same thing, and they that's exactly why they said we're gonna use this model because we didn't wanna u they did not want to use, that, oh, just a connect to a random node, the SPV type style. We're gonna connect to a random node where you didn't know what you were gonna get. It's a very important detail to, like, try to leave out during a very important time of Bitcoin. Right? Like, that was a a very controversial time to be going around and to be a wallet developer during that time, and it's hand waving to now to try to retroactively look at them and, like, oh, well, they should have just done this because I think it's better. That's great that you think that, but you haven't done it. You weren't there. And, like, we're no developers. We're doing a a totally separate separate thing, and that's why, you know, competition will always be there. But, like, we have different visions. I could I could break down all of your stuff as well, but you guys have a choices. You guys have a reasons for why you developed the way you did. I'm trying to explain to you why, why their server is set up that way.
And, again, I guarantee you, if, you know, if the world was perfect, they would have no one running on their server. They could just shut it down. But that's not the reality, and that's not where they're at. That's not how they started. They try to support as many people as they can to use Bitcoin and to use Bitcoin privately with, yes, with a caveat that you have to have some sort of trust. It is a a trusted model if you're using a light wallet like it is for any other light wallet. It's trusted.
[02:04:43] Unknown:
But I agree with you. We'll get privacy. No. But I agree with everything you're saying here, and this is not what I'm bringing to the table in this debate. The the the prevailing, the zeitgeist in the space and the narrative around what's going on with privacy and Bitcoin, There is none of this, apologetic, it's a trade off, it's a compromise, it's not our renewal, it provides a good thing, maybe. That's never what happens in these debates. These debates always turn into you're a spook. You're a government actor because you're telling people that they shouldn't be, I don't wanna say, leaking their xPubs because you don't like that term. But if you're exposing your xPub to a third party and you're engaging in CoinJoints, you might not be getting what you think you're getting. Whenever I try and bring that point up, I get piled on by about 2,000 paying ins telling me that I'm a spook. And I'm like, but this is literally true, and it's what you're saying right now. You're tacitly acknowledging that this is not an ideal solution. There's a compromise that comes with it, and you can't ever highlight it because people jump down your throat, and it's not wrong.
[02:05:48] Unknown:
So for 1, I don't have anybody calling anybody a spook. I think all of that whole fucking thing is very there's a particular Twitter person that I'm not gonna say his name, but I hate when people try to just randomly say that, because it's generally people trying to say that it's a spook or people that use it are spooks. So, I'm not if people are saying that, that's I'm not okay with that. But, yeah, the when that debate comes up, that argument comes up that it's it's typically because someone framed it saying, oh, you have to have Dojo only pulls. Right? Like, your argument the reason I jumped in, one, you said it was retarded to use the wallet, and then you continue to double down by saying, like, using it. You don't actually get any privacy. And that's like, you don't add the caveat, and so your nuances aren't there. Right? Like, you're you're not you're not framing your your position in a way that is, you know, like this. Like, the way I frame it, right, is saying, hey. You can get on chain privacy using semi wall. They have great tools. You need to understand that if you don't run a node, look at that when you open up your wallet and you start a new wallet right now. It'll tell you, hey. You are taking a risk by, connecting to our server. We have to use your XPUB in order to provide you addresses. You're not gonna be trusting any other, nodes but ours, etcetera, etcetera, whatever this specifically says.
But you need to, like, understand that, one, it's it's said. It's advocated to run a node. Right? And if it like, the like, they developed all these things, right, Dojo included, in order to push people towards running their own note, to being more private, to not having to rely on them. Like, that those are all things that they are doing. Right? And that like, that's that's what I'm trying to say is that, like, you're continuously trying to double down, and then you get piled on. And you wonder why people pile on you is because it doesn't make sense. It doesn't make sense because people look at it from a real person perspective, which is right now, if I didn't have a node and I wanted to coin join and then transact, could anyone look at the blockchain and say which one's mine? The answer is no.
So Alright. So that's Yeah. And and your argument is saying, like, yes. You get privacy No. But no. I'm not asking that. That's a Like withdrawal. If they got compromised. And so you're like, okay. So but if, like, instead of saying but if, like, you just stick with the, hey. You know, it's a great service if you have to use you know, if you don't if you can't run a node, like, and you have to use it, it's still better than using other light wallet other light wallets, which it is. So, like, if you're gonna trust a node, at least have one that has some privacy to third party, actors, Like, we I mean, that makes sense to me.
Right? Like, looking at looking at the blockchain, if you can't look at it and just easily be able to tell, then you should be using that one. If you're gonna if you have to use a light wallet. Right? Like, that's something that you want to ignore. You just have to use a light wallet. Understand the trade offs. Understand that, hey. Someone has those goggles that you can see someone if they're invisible or whatever it is that you want to say. There are trade offs, and we we lay them out. We've laid them out many times. There's a claim all the time.
[02:09:21] Unknown:
I gosh. I just installed samurai again and went through all the menus. I I didn't I selected not using a dojo, and it never gave me a warning. Do you mind telling me initial pop up. It says,
[02:09:31] Unknown:
like, the the bird leaving the cage and every and all the other I'll pull it up. Jesus.
[02:09:37] Unknown:
Yeah. Just I'm not saying you don't have it. I'm just I just wanted to see it. Okay?
[02:09:45] Unknown:
But yeah. I mean, I'm gonna try to pull this up while we talk. But, yeah, the my my point remains that users users who are using LightWallet are using it because they have to, and they still want to transact privately on the chain, and they're going to take that risk. That's fine. And I'm sorry if the warning isn't specific enough for you, which is basically what it this has come down to, is that it's not nuanced enough for you in particular.
[02:10:15] Unknown:
Oh, right. I've just found it. You have to, like, swipe right a few times to Oh, you mean, like, continue to make the wallet? No. Like, on the first page before you press get started. I I still don't see it. I still don't see whether I don't know. The first page says break free of third party custody. Remain in complete control of your wallet at all times. Then you press get started, and it offers you to choose a backup directory. Would you like to enable Tor? I turn it on. Would you like to connect to your own Dojo server? Status not configured. So I'm gonna leave that and just press create new wallet. Then it asked me to make a passphrase. And I say, I understand that Stammurai cannot provide assistance in the case of a lost or, you know, my money. It asked me for a PIN now, so I'm putting in my PIN.
Then, it gets me to download my BIP 39 mnemonic. Now it shows me the mnemonic, and then it tells me my passphrase again. And then it says, claim your payment bot and that you're up and running somewhere. I don't see actually a warning anywhere. Like, I I deeply wanna be wrong about this, so please correct me.
[02:11:36] Unknown:
Yeah. Sure. Give me a second.
[02:11:44] Unknown:
While you're doing that, like, as an aside that shouldn't offend anyone, I wish to Christ that, XPUB was not called an XPUB. Right? This the last thing you want to be public, apart from your private keys, is your XPUB. Like, this is such critical data to keep private, and it's called extended public key, which is just the worst name for it possible.
[02:12:08] Unknown:
No. Yeah. I definitely agree on that.
[02:12:10] Unknown:
I mean yeah. But it's that that's like a cryptography.
[02:12:16] Unknown:
Yeah. For sure. It's an embedded term. Like, we're not about to change what we might call it. Well,
[02:12:22] Unknown:
yeah. Like, we change hardware while it's assigning. No. I call seed words secret backup words. What do you call what do we call next button?
[02:12:34] Unknown:
Like, I I call it, like, a a blueprint almost, but that doesn't really It doesn't help that much. No. It's not I don't know of a better term. Minero does a decent job with the view key,
[02:12:45] Unknown:
but I don't know if that helps. View key better than Next Pub. I mean, Next Pub's pretty bad.
[02:12:53] Unknown:
Yeah. It implies it should be public, which it just shouldn't. Like, I can't think of a good reason ever. Like, unless there was, like, talk of bull Bitcoin implementing, you know, you would upload an extended public key to the platform, and then your DCA would go to a new address every single time. And you can just use BitPay E5 or something like that to generate a unique XPUB for, for each service you use. Right? So bull Bitcoin half my xpub, so what? It's a list of addresses that they are gonna know anyway, and I'm never gonna use one of those addresses for anything that isn't bull Bitcoin. So that that to me feels pretty watertight.
[02:13:33] Unknown:
Okay. Yeah. So on their website, they have, let's see. Okay. Good. Great. So it says, similar wallets, unrivaled in transaction privacy, but the default configuration is still subject to network level privacy loss. So Singer and Dojo allows you to simply bypass our default servers and circumvent these concerns. Simple. A default center of our wallet will connect to our centrally controlled dojo host in Iceland. We do not store logs of IP addresses, but you have to take our word for it. By hosting your own dojo wallet server, you can bypass our servers and completely, service completely when using SamRite Wallet or Sentinel.
[02:14:14] Unknown:
It's where is this? On their website.
[02:14:17] Unknown:
And, if it's not the I remember I know I've seen it in the wallet, and I don't have the means to start up a new wallet this second. But if it's, you know, if it's not in there, I know that it's something that's been brought up. So, Ultimately, I do know that that what's it called? The whole Where is it in website? Sorry. I'll post it in the chat.
[02:14:50] Unknown:
Thanks.
[02:14:53] Unknown:
Ultimately, this isn't something that's never been brought up, communicated, or easy to you know, if you go on whether it's their Telegram, you go on Twitter, you search any of that stuff, you're going you're gonna find tons and tons of responses, tons and tons of, like, openness about it. If you look back to when they first hosted Dojo or first released Whirlpool, Like, I even remember when Whirlpool was first, released. Dojo hadn't been released yet, if I recall, and everyone was saying don't. So, like, a bunch of people were saying, like, don't do it until you get, until you get Dojo running and and do it with Dojo. And saying, well, I will never know. Like, yeah. And and the best practice was to start a fresh wallet. So if you start on Sami Wallet and then you oh, Sami Wallet server and you got Dojo running, you know, don't just, like, recover your wallet. Right? You want to come back and, start a fresh wallet and move your funds over.
It's the the practice has been part of the samurai culture. Like, running a dojo has been part of the samurai culture for as long as dojo's been around.
[02:16:03] Unknown:
Yeah. I'd agree with So But it doesn't mix these warnings up. Like, you have to you want to dojo to click through to the dojo part of the website to then be told the benefits of not using Sunrise service. Like, the warning's in the wrong place. Sure. At the very I look again.
[02:16:20] Unknown:
Zelco, would you agree that that it should be it should be very clear to the user on startup, the risks of of not using their own node.
[02:16:32] Unknown:
I mean so my my only issue isn't with having, like, a warning or whatever. Right? Like, I think that's fine. But as you've already said, Sunrise is the only one that even has any sort of, like, description of what's going on. They're the only ones that have done anything that that, like, talks about what to do with your stuff. Like, these prompts that are are there, even the ones that you're saying, or stuff that's not in any of the other walls. It's our so, like, I get frustrated because, like, yes, I I would love everything to be perfect. But, like, then when you start to talk about, like, appealing to all these different things. Because right now, it's like, oh, well, you know, like, like, the saying having the warning is, like, okay. Cool. You passed the check mark. Then what then what happens? Oh, well, that's I can't believe that's all they have is a thing. They shouldn't even allow people to use the use Ceramic Wallet with their server. It's it's always a goalpost. I'm not saying you're saying it. Just I just think these tools have clear, like, warnings of trade offs at start ups so that I don't have to have a separate 2 hour and 15 minute conversation on a podcast about them. Instead, they could just be at start up.
[02:17:38] Unknown:
I mean, this should be you should make the same argument for everyone. I agree. I 100% agree. I think Sparrow does a fucking fantastic job with it.
[02:17:47] Unknown:
Yep. Yep. You can't doing that. Like, you want you wanna have gone to every reasonable length possible to to educate people and then make their own choices and be sovereign, and then if they don't, that's not your problem anymore. But as far as I can tell, and I'll be honest here, this is not, you know, this is not me trying to, extend an olive branch or to be needlessly, accusing. I I think there is a concerted effort in the space to mock people that bring this concern to it and, detract and deflect and accuse, you know, make ad hominem arguments and things like that. And then to learn that there's a warning right there in the wallet when you install it, It's on the website. I'm like, okay. Great. And it just turns out there isn't really. Like, there should be an The reason that the reason that,
[02:18:35] Unknown:
like, I I've already said this. The reason that people attack that that stupid that argument, right, like, this this whole thing is because of, like it's like a again, it's a simple white knighting of, like, everything. It's like, oh, man. Well, like, it's not good enough. It's never good enough. This is never good enough. And it's continuously doing that instead of being like, oh, wow. Like, SemaRock actually does make all the best tools. SemaRock Wild does have the have the best coin joint. SemaRock does have the best post mix tools. Samurai does have, they're the only ones until Sparrow came along. The only one with Panem's. Right? They're the only ones that are actually doing something to try to further, Bitcoin's privacy. But people wanna sit here and just be like, oh, well, I can't believe they would do that without x warning or b warning or whatever it is. Like, I'm all for it. Like, I want I want warnings. I want that stuff. But when it comes down to it, we're like Me too. When it comes down to it, like, people are just like it's it's never gonna be good enough. So what happens is there, yeah, there are a lot of loyal people who are hardcore samurai people, and they're they stand up for their wallet because they see it all the time. Just get constantly dunked on or walked over or people attacking their stuff for no reason, right, or for a reason of, like, what the developers chose to do with their wallet.
Like, well, guess what? Users are still using it. Like, just No. I think despite all this. Because users do know. People who are Ronin users, people who are Dojo users know this trade off. Right? And that's why that they're Dojo users, they're doing that for the right reason. Right? But if we're talking about the the reality, the reality is that, like, all this stuff is already known. It's known. And, like, as a new user, could it be a a perfect onboard? Sure. I'll put in a feature request, but, like, ultimately, it's the people don't we we start to to push back because we hear so much nonsense and people sitting here saying, like, cheering on Wasabi and saying that, like, oh, it's so great and whatever. But yet they work with coin join, chain analysis, and they were they blacklist people. In what world is not everyone saying, like, okay. Like, we need to reevaluate.
Let's at least, like I I see the trade off. I'll run run I'll run Dojo, run and whatever, and I'll use I'll use Samurai and Woolfolk because I know that they're not working with, chain analysis. But, yeah, people are still sitting out and telling me that Wasabi is better because because that's ultimately what this is is that you've already said it. You're impartial towards mobile wallets. You don't like mobile wallets. And so, yeah, there's easy you could pick at anything in a mobile wallet versus a a desktop wallet. Right? But, like, the reality is that people need mobile wallets so they can transact in the streets. They can transact wherever they need to. So Yeah. This is my overall, like, assessment of your position on it. I think it's naive because we know that wasabi Wallet works with chain analysis, and you're saying we know that samurai don't. And I'm saying, how do you know that? What indicate okay. So tell me this. We have one that specifically told us. Right? What indications do you have that points to,
[02:21:38] Unknown:
Samuel Wallet working with, chain analysis? The point is I don't believe that they are, but we don't know. We we know wasabi is, and we don't know about samurai.
[02:21:49] Unknown:
I don't wanna make a I don't wanna make a argument ad absurd ad absurdum or whatever. But, like, we don't run, you know, dotexe files and closed source binary that Satoshi run writes for us and releases on a website because we trust him and then go, what indication do we have that Satoshi is compromised? Like, obviously, we don't we want to minimize trust. Like, that we should be on the same team with that, and I don't get why we're not.
[02:22:15] Unknown:
That that we're not on the same page with what? Like, you said that Samara was trust.
[02:22:21] Unknown:
You know, like, you're saying what do I have that they've broken our trust, and I'm saying I don't want to trust them. That's all. Yeah. But you but you're talking about, like, the wallet. Like, you're talking about the wallet, and that's really what it comes down to.
[02:22:33] Unknown:
Right? Like, one is the coordinator. The other is not a coordinator. Right? Like, like, they're both or sorry. Let me rephrase that. Wasabi and Samir are both front coordinators. Right? So it's important if you know that one is working with chain analysis. And if you don't know if the other is or is not, having some sort of indication is probably important. And I I would I would argue that if you're going to Do you look at the same one that's not say that somebody
[02:22:59] Unknown:
is the one that's been forthright about the fact that they're compromised and the samurai isn't, which actually makes Western Army more ethical. I'm not saying that's my position, but it's not clear cut. It's not black and white.
[02:23:09] Unknown:
The fact that What's not black and white?
[02:23:12] Unknown:
The fact that one openly works with chain analysis and one either doesn't work with chain analysis
[02:23:18] Unknown:
or lies about the fact that they do Well you go with Oh, let me tell you how it'd be very very easy to debunk, like, them working for the chain analysis. Right? In order for chain analysis to be effective with SamRwalt, right, you would need what? You need some sort of information, or they would need to be able they would want what more x pubs. Right? That's what they would want because I could just give that over. So if you don't see that Yeah. If if you're not seeing more users being pushed towards, samurai server, right, or if you're not seeing, you know, whatever it like, you're not seeing it. Right? You're not seeing the trend towards more expoaks being captured.
I don't see how you could sit there. Like, more development is happening towards, towards the node side of it than there is versus Wasabi, which is openly blacklisting. Their coordinator is openly blacklisting. You have one that is blind using Tor changing addresses and never have to see the other side of it. They worked with another wallet to implement. The other wallet worked with them, but Sparrow implements it so that there is, a whole liquidity pool that cannot be done by that. If Standard Wallet wanted to farm out these XPubs, when they say that we don't want them so that we have a higher, a higher rate of light wallet users so we could give that information to Chainalysis, wouldn't that make more sense?
They would want they would want less help. They would want more people to be mixing with LightWallet. Correct?
[02:24:51] Unknown:
Sorry. Can you rephrase?
[02:24:54] Unknown:
If my zone now. If SamRite Wallet was working with Chainalysis, they would want to limit the amount of people that no. They wouldn't want Sparrow to implement it. Right? Because they they would have no xpubs, and they would want more light wallet users because they have their xpubs. So if
[02:25:14] Unknown:
they worked, they they would have Spare Wallet use a separate pool, but they didn't. Yeah. You're acting like there's only ever one incentive in a situation, and that's just not the case. There would be a whole bunch of incentives. I mean One of them yeah. Look. There's incentive for samurai to not wanna betray their users, and there's incentives for them to want to betray their users. Like, they all exist.
[02:25:35] Unknown:
Okay. Yeah. I mean, I don't I, like, I I don't know how to, how to argue against, like like, actual incentives because, like, I've I just laid out the incentives, and you said, like, it doesn't matter. So,
[02:25:56] Unknown:
the whole incentive. This is why this is why the VPN analogy works. It's just part of the trust model. You're not there's no way to to to prove that the server is compromised or acting malicious, and users should be aware of that and that trust model if they're gonna use it. I mean, I I recommend molvad.net for VPN usage, and one of the reasons is because they're very clear that they say they don't take logs, but there's no way for you to verify it. Right. But I I just wanna be clear here because I said this earlier, and I was incorrect. Both me and Zelko said it. I spun up a new samurai wallet. It does not warn you, of the risks of using their server. I I mean, I personally would like to see a clear warning there.
It does give you the option to immediately connect to Dojo, like, first thing, but it doesn't say, like, what that benefit would be. It's like a simple text, you know, use this so you don't have to trust us.
[02:27:01] Unknown:
Yeah. That would that would make this whole thing a a very,
[02:27:05] Unknown:
happy Then it wouldn't matter. Outcome. Right? Like, everything else would be fine? I just want trade offs to be clear. It's my Yeah. I mean, like, sure. We'll we'll,
[02:27:13] Unknown:
the Like, if if we're putting people need to keep coming along and, like, creating issues and complaining about stuff that you're rolling your eyes at because it's been done to death, but it results in a warning that makes users more educated and aware of the trade offs, then I'm glad I did it. I mean, like,
[02:27:31] Unknown:
I just see it. I'm, like, looking at it from the point of, like, you know, we commute like, samurai community has been doing this for so long, and it's just like it's funny that it's like, oh, well, in order to get my stamp of approval, it needs this thing. And it's it's okay. Like, that's sure. Like, that's fine. And, you know, like, you might waste some of the the you know, like, maybe that's something I'd put in. But, you know, like, it doesn't like, you may seem like, oh, this like, everything else is fine. And so your your stance on everything else like, your initial point, your initial statement wasn't about a warning. Your initial statement was about, you know, if you use these tools without, you know, without Dojo, it's useless or it's a larp, and that was what I was upset about. That's what I think is absurd.
So, like, you you haven't been able to debunk anything other than saying, like, well, yeah, it works until their their, server's compromised. Okay. Well, until someone gets arrested, you can let me know. But, yeah. Yeah. Chips Ahoy because they're very clear about it on the website and in general.
[02:28:49] Unknown:
I just oh, yeah. That's why I was wrong. I mean, because they are so clear about it on the website. Yeah. We talked about it all. Yeah. I just personally would like to see more wallets in general do that, and I know I know in an open source situation, anyone can fork it and add that warning label. They don't wanna add it, and I I respect that. But I personally would just like to see warning labels on I would trade offs explained to people on start ups so they don't need separate education.
[02:29:18] Unknown:
Yeah. I think, I think there could be start up warnings on on, like, obviously, all wallets, but, like, it'd be good for the big heavy hitter ones to have stuff like that. Yeah. Like, boot up ledger live. When you boot up ledger live, it should tell you
[02:29:32] Unknown:
you're using Ledger's servers. Which is great. What's Barrow give us a list of warnings? I mean, like, we Our intent Yeah. To educate you. You've got no dog in the fight. Right? They want you to use what's best, and they don't suffer if you don't. Yeah. That's the point. They're missing revenue. Like, there's no incentive there, at least anything like to the extent. If someone sees a big red letter warning that says, warning. If you do this without Dojo, your privacy is you can no longer make any of the expectations to the same extent that you could if you were running Dojo. And they go, well, I'm not running That's not I can't. I'm not gonna use it. Like, it's
[02:30:05] Unknown:
you like, that's see, like, that's that's the line that that we're talking. I wanna know. We keep saying, like, you you you not could have privacy if you if you use our server. No one's gonna put that because it's not that is not the situation. That's not that's not the case. Like, it's don't use our, you know, don't use our server so that you can maintain optimal privacy or whatever it is. Like, you know, that's that is a very different statement than you saying that you won't have privacy if you use, if you opt to not run Dojo. Right? So, like, you you have to, like, understand the difference of what, like, what you're trying to to articulate because they're 2 different things.
[02:30:46] Unknown:
You have on your privacy. You've not proven I can't VPN on. If you're turning around and saying, like, your ISP has no financial incentive to keep your stuff private, A VPN provider does. If they get caught leaking data, then they lose business. Right? But are you gonna tell me that there isn't a honeypot VPN out there? Like, of course, there are. So it stands to reason that so I'm trying to sorry for the what aboutism, but there's going to be a privacy wallet in Bitcoin at some point that is a honeypot. And so we wanna look out for the signs of that, and we wanna minimize the mechanisms by which we can hurt ourselves by using it. Like, if wasabi team is all FBI agents, I don't care because they don't get any data that actually hurts me. They just do something I find politically disagreeable, but it doesn't change what their actual software does. No. Their software just works. So at all.
[02:31:35] Unknown:
But that's a different case. No. I I I see what you're saying. Like, that's fine. Right? But, like, it doesn't it doesn't change the fact that, like, your users that need it now, like, we're, like we can talk about the future. You can talk about improvement, all that stuff. Sure. But telling users right now, don't use it or it's harmful to use it is wrong. That's not correct. You've not yet proven. I want I'm not gonna end the debate with you trying to say that there's harm in users for using Whirlpool, on a light wallet when they if that's what they need to do. Right? Like, if they need a light wallet, they could they can use it. They can break deterministic links, spend, move on. And that's harmful if assumptions are wrong.
What?
[02:32:27] Unknown:
If their assumptions about what using the light wallet provides for them privacy wise are wrong, then that is harmful.
[02:32:34] Unknown:
How so? They're getting on chain privacy, and they've already been explained all this stuff. So explain to me how because this this is this is, like, the point that I'm I'm getting at. Because you gotta look at like like, you're talking about in this idea that they're working, and it's fine. I get it. Like, we need to have, you know, adversarial thinking, and that's fine. If they are they they can treat them. They can take care of themselves and figure out, hey. Do I is my adversary a samurai, or is my adversary, you know, chain analysis or third party? Because, like, that's it's typically the state, and it's typically gonna be law enforcement if they're really concerned about whatever it is. So if they're concerned about it and they can't run a node or they are choosing not to run a node for whatever reason, they can still have on chain privacy.
[02:33:25] Unknown:
On chain is is what we're looking at. Right? Yeah. But that's the point. They can point, though. But Is You've acknowledged over and over again in this discussion that it's better to use Dojo than you use.
[02:33:39] Unknown:
It's better to use Sami Wallet than it is to transact with a straight whatever wallet, right, that uses normal Bitcoin transactions. It's better to use a light wallet to mix, break the term and stick links on the chain, and take a small risk.
[02:33:59] Unknown:
Right? With only It's better to do that until you can run a new totally better. Do whatever. That's right. It's better than doing
[02:34:06] Unknown:
nothing. It's better than
[02:34:09] Unknown:
not doing the transaction. Love it as doing the full going full hog.
[02:34:16] Unknown:
I can't I didn't hear what you said. What did you say?
[02:34:19] Unknown:
It's not better to use the like client if your assumptions about the like client are that it affords you the same benefit of using Dojo.
[02:34:26] Unknown:
But when, like, when has that ever been said? And that's just because that's just your implication of the warning?
[02:34:35] Unknown:
No. Yes. The warning should make it clear that they are different. Yes. But you you are putting out that the the warning
[02:34:42] Unknown:
has to be something along the lines of, you know, your your data is compromised or your point your privacy is compromised, and it's not compromised. Once there is there is a chance of whatever, you know, there is a chance that could happen, but, like, you're trying to make this assumption that it is right now that you're that moving forward, you have no, that you have no privacy. It's like, well, if I need privacy from my employer, like Matt said, yeah. You have do you have to private transactional privacy from your employer? You have the privacy. It depends on who your privacy who you're trying your privacy from. So, like, that's that's a delineation I'm trying to make with you that you you're still unwilling to accept,
[02:35:32] Unknown:
and that's fine. You can you can have I'm not saying there's no I'm not saying there are circumstances where using just the light client You are. Doesn't create a threat model to having not used it at all. Okay? I'm not I also won't concede, though, that that is strictly better than just operating publicly on base chain. I'm trying to say that we definitely have obviously over and over agreed on the fact that using Ronin Dojo with the samurai wallet instead of using it as a light client is better. The fact that it is better and that you agree with that means we can make a statement that tells people
[02:36:16] Unknown:
I mean, I I I feel like no. That's that's fine. No. No. You're fine. What I'm gathering the statement. Is it Yeah. Best case, use Dojo, use Turn Dojo better. Like, take the assumption. Right? Take the risk. And then, like, the worst case scenario, use, like, Wasabi or something. Right? I'm just kidding. That was a joke. I'm just kidding. Realistic. Yeah. No. I'm just like I think I think we've talked in circles that so much that it's kind of, like, pointless to this point just because, it's very, like, nuanced of what we're talking about. And, like, the the debate like, I I was heated when I when I started this whole thing because, you know, if I look through the the tweet thread, it's like, oh, more like, you know, samurai is fed or samurai is this and blah blah blah blah blah. And it's like, I'm I, like, can't help but get heated. Right? And we we start to debate, and I'm making these points. And, like, we're just talking circles because you you're operating in a very high adversarial mindset versus, like, a normal person mindset, which is fine. There is a level that that we should have. Like, we we should have people who think adversarially.
I'm okay with that. Right? But I'm not okay with not being able to accept that there is adversarial thinking, and then there is, like, okay, the reality of, like, there are normal people who need to use this normally. Right? And so you you have to be able to step back sometimes, right, and think a little less adversarial to be able to, like, understand why something is the way it is. Right? Like, normal people need to to operate this like, might need to operate this way. And so Yeah. And that's why if if, like because your your whole, like, argument is is about this. It's literally about a is adversarial thinking. That's fine. Yeah.
[02:38:20] Unknown:
But but, like adversarial as opposed to optimization.
[02:38:24] Unknown:
That and that's okay. And that's why and there's an option for you. Right? There's an option for you. Dojo. Right? Cool. There's there is an option for people who are not adversarial, care, or they are not adversarial against, against Sam Roth Wallet. So that's I I think that we can agree on on, like, where your mindset is and why it differentiates from everyday people. But, yeah, I kinda agree with the some of the people on the chat. Like, is this still going? Yep. It's because we we have been calling in circles for a long time, and that's why I'm, like, trying not to bash my face into my keyboard right now. Yeah. That's I don't I don't think there's much else that I have to add. Matt?
[02:39:12] Unknown:
Thanks, Elko. You wanna, mechanic, you wanna wrap us up with some final thoughts, and then, well well, then this bad boy, we've been gone for 2 hours and 40 minutes. Jesus.
[02:39:22] Unknown:
Yeah. I failed it wrapping up last time. Yeah. You did. Try again. I don't I don't want obtuseness. Right? Like, as Chip said in the chat, like, if you get paid in Bitcoin from your employer and you run it through Whirlpool LiteClient, your employers then can't trace it. You've gained privacy. And I'm like, yeah. Exactly. If your ISP is sending all your browsing activity to law enforcement and you use a VPN, then you've got around that. Congrats. But who's to say the VPN isn't just sending that data instead? And law enforcement specifically targeting them. Even if they're good actors, maybe their hardware is compromised, and they don't even know about it. So best to use software that just minimizes all this in the first place, a Tor network or, you know, Samura at least, Samura with your own node, and that's what I'd recommend.
[02:40:09] Unknown:
That was a much better wrap up this time.
[02:40:11] Unknown:
Okay. Guys, I look. I think, I appreciate you both coming on. I'm glad that you both felt comfortable with dispatch as a as a forum for open discussion. I hope that that some listener I think I think a lot of listeners will have found this helpful, and I hope that's the case. Yeah. And I I I I just appreciate you both, and I'm glad I'm glad that we had this discussion. So thank you both.
[02:40:42] Unknown:
Nice one, mate. It was good to meet you a bit. And,
[02:40:46] Unknown:
and, yeah, don't forget. You guys can always run Run on Dojo because we'll support it. So if you wanna use samurai and you wanna mitigate all the risks, run dojo.
[02:40:57] Unknown:
Cheers, guys. Thanks.
[02:40:59] Unknown:
Alright, buddy. Bye.
Happy Bitcoin Monday, freaks. It's your boy, Odell, here for another Citadel dispatch. This episode, it will be slightly different than our normal conversations on dispatch. We're trying a new format, for this specific situation. It's gonna be a debate. We might have more debates on the channel going forward. Before we get started, I wanna thank all the freaks who continue to support the show. As many of you are already aware, dispatch is a 100% audience funded without ads or sponsors, and I could not do it without you. The easiest way to support the show is by using a podcasting 2.0 app, such as fountain podcast, Breezewallet, or podverse.fm.
There are also many other podcasting apps that use the podcasting 2.0 standard. You simply use them like a regular podcast app, search still dispatch, press the subscribe button, choose how many sats per minute you think dispatch is worth to you. And as you listen, it will stream sats directly to my node. Podcasting 2.0 also supports a feature called boostograms, where you can do a single, a single payment that includes a message, and I read those read the top 4 of those from the previous episode, every rip. You can also support the show by going to cildispatch.com.
I have a BTC pay server there where you can send stats via an on chain payment or lightning. And I also have my pay name there, which you can pay from Samura wallet or Sparrow Wallet. My pay name is Odell. Very easy to remember. So shout out to all the freaks who continue to support the show. And if you do not, you know, I know it's I know we're in down down market right now. We're in a bear market right now, and, I know stats are tough to spare. If you do not have stats to spare, simply subscribing on your favorite platform, leaving a review, sharing it with your friends and family is greatly appreciated. As always, Serial Dispatch is broadcast on Twitter, Twitch, YouTube, Bitcoin TV, and is available in all your favorite podcast apps. So thank you. And once again, dispatch is a unique show in that we have a live audience, tuning in from Twitch, Twitter, YouTube, and matrix chat. The matrix chat, you can find at citadel dispatch.com by clicking that citadel chat button.
So we will be interacting with the audience as we usually do, and I want to thank the freaks that join us in the live chat because you make this a special experience. So before we get started, I'm just gonna read the top four boosts from the last dispatch, which was with Adam Back. So dispatch 75. We have at Nate Johnson contributed 50,000 sats. Says, this show is invaluable. I appreciate all you do for the space. Hope your family is okay. We have Mallard Quackenbush with 20,000 sets saying meow meow. Very insightful, Mallard. Appreciate it. We have letter 6173 saying, when sat girl summer with 7,777 sets.
And we have 8 mythrander saying, Adam is the real one, 5,001 sets. So I wanna thank all the freaks who continue to support the show. I do appreciate you. You can look up the remaining boostograms on your favorite podcasting 2.0 app. They're open for all. So without further ado, let's get started on this debate. I had Zelco. We have we have BTC Zelco in the house, a return guest. How's it going, Zelco?
[00:04:01] Unknown:
Hey. What's up, Matt? Yeah. No. Been good. Just, excited to squash some of this, these myths that that we would have. So yeah. No. I'm I'm excited. Life's good.
[00:04:15] Unknown:
To those who are not aware, Zelco works with the Ronin Dojo project, a full node, a full node solution, particularly suited for using the samurai stack. We also have, mechanic in the house who goes by Grasp Fed Bitcoin on Twitter. How's it going, mechanic? Hey. Good, man. Thanks for having me. Pleasure is mine. He works for Start 9 Labs. Another full node option available to Bitcoiners. So today's debate prompt is, are the trade offs of Samura wallets, light client mode, a benefit to users? This all started with a tweet that went out by Grass Fed Bitcoin.
Zelco and him had a back and forth, and then they decided to rope me in, tag me in the tweet, and say, let's have this debate live on air. Boys, before we get started, I wanna keep this as civil as possible. I do have god power over both of you and can mute. I do not wanna use that power. I've never used that power, but I do have. No. I promise I promise to be very respectful.
[00:05:27] Unknown:
Otherwise, it won't be a productive debate.
[00:05:30] Unknown:
Yeah. I'll do my best.
[00:05:33] Unknown:
Despite my original,
[00:05:34] Unknown:
you know, trolling style post, I don't intend to just sit here and sling shit. So would you like to maybe maybe to start us off, mechanic, you wanna read the tweet that started this all? Do you have it in front of you? I actually don't.
[00:05:48] Unknown:
I I can do it. They said, what's the opposite of galaxy brain meme template? I need something where the person just gets more and more retarded until they end up using samurai wallet. So that's the that's the initial tweet.
[00:06:07] Unknown:
Yeah. So, obviously, you like, trolling, poking fun. The reason I think it's, well, I like the title of the debate, how you framed it already, because that acknowledges that there is at least a trade off to doing it, using in, the manner in which you're not using your own node. And, consequently, if you're engaging in coin joins, you're leaking your XPub, which to me invalidates the whole charm and blinding, which is what people think imagine the purpose of doing coin joints is in the first place. And my issue is with the general framing in the space, which is not that, you just shouldn't do it that way.
Instead, it's you can do it that way, and there's a better way, which is to run something like running dojo and connect samurai to it, and or use Whirlpool through Sparrow or something like that. And to be clear, I think those are great projects. ZELCO, I really like Ronin Dojo, and other people in my company, as you pointed out in our debate, are fans of it. Like, Dave Crosson, for example. He's a big fan of the project, and as you mentioned, he's done stuff with you on it. So, likewise, that will likely be implemented in some fashion on start 9, on the embassy, and, people have come at me with, accusations of hypocrisy and things like that because I work for Star 9, and what am I doing? What's, what am I talking about? My company likes it. Am I gonna quit? Yada yada yada.
So, no, I don't want to do any of that. I I want to give respect my respect to you. Samurai even does, if I can steal my own samurai as much as possible, even does something which I find really hard to find outside of samurai wallet, which is if you set it up to connect to your own full mode and your node is offline for some reason, it won't work, which is great. Because things like Electrum, so many other wallets, where where privacy is a concern, and they have some sort of SPV mode, they will just fail they will just fall back to running public nodes and then betray all your privacy. It only takes one mistake to ruin privacy. Right? So, samurai, to their credit, don't do that. If the node isn't running and they're not connected to it, samurai just won't do anything. That's great. So I only have one specific problem, and it's a problem that I think isn't really framed correctly, which is simply what I already stated. I'll try and state it more concisely, which is I don't think it's better than, the default position where you connect where you leak your XPUB to summarize servers, by using your own server. I don't think that's better. I think that's required.
That's the difference, binding where you're leaking your XPub to 3rd parties. I don't think that's legit. I think there are potential use cases for it, and it totally does invalidate on chain analysis heuristics and things like that. It changes the threat model, but it doesn't do what a lot of people, I think, think it does. So that's why I want to try and spread that awareness even though I'm obviously being stupid and calling people retarded and stuff like that. I think there's actually a serious point behind it. And what it devolves into when I chat with this stuff is people going absolutely nuts at me for something that I'm unable to abandon because I do genuinely find it to be truthful.
So, yeah, I'll stop there, and let's, let's let you have a record.
[00:09:39] Unknown:
So to be clear, you're saying that what if, if you're connecting to a semi wallet server. Right? So, you know, they're providing all your balances. Right? That's what the x bugs are for. That there is no privacy gained whatsoever. Is that your overall stance because you're not running through your own node?
[00:10:02] Unknown:
I'm not saying there's no privacy gain whatsoever. There can be. It depends on whether you trust the people that you're providing the information to. It might not be. It might be. To me, it's, the analogy I like to use for it is VPNs. Like, I find samurai in that used in that manner to be like NordVPN or ProtonMail or something like that where you can actually be, in worst case scenario, just using a honeypot. Because if it's not actually like, a VPN will say we don't keep log, we have to trust them not to keep logs. That's not the same as them not having any data in the first place, which is a far superior model. Like, the basic adage, can't be evil is better than don't be evil. Okay. Well,
[00:10:44] Unknown:
for 1, right, that requires in in order to d docs, any of those ex pubs, right, 1, you you need some sort of PII. Right? Some sort of personally identified information. Something that will, connect you, right, to that to to that expo. Right? And you're talking about post, you know, post spends. You probably need to have some sort of link that actually connects you to your spend and then be able to trace it backwards or, yeah, like, if they were to tie the x pub that way. But they there's no sign up. Right? There's no emails. There's no names. There's no by default, it comes with Tor. Right? So your IP address is hidden.
So I'm not I'm not entirely sure, like, where that threat model is. Like, where, if you are in a pinch, you don't have a node. And this is coming from the guy that wants everyone to run a node, obviously. Right? Like, I would love if every samurai user was a Ronin Dojo user. It'd be fantastic, but that's that's not the that's not always the case. Not everyone has the ability to do that. Right? They might they might have the ability to mix some coins that they need mixed, and there of of course, there's a a trust model and trust trade off whenever when it comes to a light node any light node. Right? Like, any light wallet. Sorry. Any light wallet is gonna require some sort of trust model. Right? What and the the question is and the reason why Sunrise Wallet is set up this way to have their server is because they tend to believe that people who use their software have some sort of trust in them. If you don't trust Samurais Wallet, why would you run their wallet? Like, why would you install their software?
You wouldn't. Right? Like like, some people like like, it to me to me, that that doesn't really make sense. Like, if you're like, oh, they're bad actors, but I'm still gonna use it. Like, that doesn't make sense, whatsoever. Right? And if if you're looking for quick, you know, 3rd, 3rd party, you know, like, blockchain, privacy. Right? Samurai Wallet's going to give that to you whether you're using, using the light wallet, right, or if you're connecting it to your node, when it comes down to, let's look at the blockchain, right, or if you're chain analysis and you're starting from the end or you're starting from the beginning, you're trying to find out whose this is, who's this game from, then you have that privacy. That privacy is there, and you're not it's not unwinding it. Like, users there are a lot of users who can't just, like, up and run a node at the same time, like, from the start. I would love it if they did, but that's not the reality. It's not the reality of of Bitcoin. Like, running nodes has gotten way more popular, but we're still not at a point where the vast majority do it. So a trust trade off is is it's going to be there. Right? But it it doesn't make you not private.
Like, it doesn't, it doesn't take away from the privacy that you gain. Right? You're trusting do you and the question that users have to ask themselves, do you trust, Samurai Wallet? If you're a light wallet user, do you trust Samurai Wallet more than you trust Chainalysis or whatever it is that you're trying to gain? Because if if you trust 1 versus the other, you know, that that should be your trust model. Like, you have to if you if you're not gonna run a node, you need to have some sort of trust, And Samurai Watch is not to elect for random nodes that could be surveillance nodes, which we know that are out there. Instead, they chose to be the one that that bears that burden for their users.
[00:14:24] Unknown:
So I'm just gonna jump in here real quick and provide a little bit of context. I'm seeing a question in the matrix chat, which clues me in that this context should be given. When you're interacting with the Bitcoin network, to interact with the Bitcoin network, you need to use a Bitcoin node. Now that node could either be your own node or it can be someone else's node. If it if you're using someone else's node, you're trusting them with the validation, the verification of the rules of the network, and you're trusting them with some elements of your privacy. With Samurais specifically, you're able to use their software wallet, their mobile wallet, with your own node or with their node.
If you use it with their node, first of all, a warning message pops up when you first boot up the wallet telling you that there is a trust element involved in trusting their node, and suggesting that you consider using your own node. And the second thing is you're trusting them with the the verification of the rules of the network, and you're trusting them with some element of privacy. Now with Samurais specifically, it defaults to Tor. So you do not give them your IP address when you are connecting to their node. But they are able to if they are acting maliciously, they're able to link the different addresses you have together. So best practice in Bitcoin is to not reuse addresses.
But in this situation, whosever node you're using is able to then, in this case, samurai, is able to then link those addresses, balances, and transactions with each other. Now they obviously do not have a legal name. They do not have an IP address. They just because it goes through Tor, but they're able to link those specific things together. Now, yeah. So that that's that's the key setup that we're talking about here, and now you can carry on, Mechanic, if you'd like to respond.
[00:16:21] Unknown:
Yeah. So, I mean, I don't want a straw man, you, in any case. You're just you're asking people if they trust samurai, and I'm saying I don't want people to trust samurai. I want for samurai to be in a position where you don't have to trust them, which is the ethos of almost everything in Bitcoin. We're talking about trust less money, and I don't wanna be obtuse because these are having privacy in Bitcoin is not the same thing as Bitcoin itself. But I don't want to trust someone that has put themselves in a position where I need to trust them. That is not, that is not a serious way to go about things. It's and given that people are going to come to them, I mean, I don't wanna be crude, but if someone told you, hey, put this stuff over your skin, it will make you invisible, and it doesn't, like, you're doing far more damage to a person. Like, what's the consequences of a person going out who thinks they're invisible when they're not? They're gonna do things that they wouldn't do, if they knew everyone could see them. Right? So people might take precautions if they hadn't engaged in any privacy practices at all or any sort of coin joining privacy practices.
People might in people act carefully when they know they're being watched if they have the illusion of privacy, in which which can have been afforded to them by taking part in a coin joint, that worst case scenario again, I don't wanna cast aspersions here. I'm just saying worst case scenario. If samurai were bad actors and they were providing a service to people that were looking specifically for privacy because they wanted to do something illicit or, you know, they just wanted to privacy is a human right. We all know that people can do this to for the most, ethical of reasons, to just look after their own privacy. Supposing you go there, you engage in it, samurai turn out to be bad actors, your identity gets leaked in some way, which you mentioned. You said it's not a problem if identity doesn't get connected with the person somehow, but the fact that that can happen is why we need these practices in the first place. So if you're not worried about identity getting attached to any sort of Bitcoin address, then there's no need for coin joining in the first place.
The fact that there is means, you know, the point of coin joining is, my identity got linked to this Bitcoin address that I withdrew from some Bitcoins I bought from Coinbase. I withdrew them to this address. I now need to break chain analysis that will connect that address and my identity to other future addresses. The point of coin joining is to break that. If you reattach identity to it at some point, then that's a problem. But, anyway, I digress. I'm saying my point is that if you, if your identity becomes known, the whole point of coin joining is to break that again so chain analysis can't do it. But if you're engaging in that practice, in the first place, thinking it's giving you privacy, you're you might potentially be doing it through a company that exists specifically, maybe not even through a fault of their own, as, an entity that collects data from people and, you know, I'm I'm down around it, but I'm basically saying the honeypot I got what you're saying. The the honeypot thing. Right? So and, again,
[00:19:37] Unknown:
in order for the honeypot to be effective, right, so they they would, 1, need to get attacked. Right? And all the x bugs would need to be taken, All of them, not just one, not isolated. It needs to be all of them. Right? And then they need to have something that still connects them to that identity, like, to that xPub. So it's required. Problem that I need to Can you hear me?
[00:19:59] Unknown:
Yeah. For sure. I'm just saying it would be just one xPub, and that's a problem. Sure. But I I'm saying if if some if their
[00:20:05] Unknown:
if their server got attacked, it's it's all of them, but also the fact that, like, that one x pub would only give them one person. Right? So even even in the case that you're saying, right, they're they need something in addition. Right? The x pub alone is not going to do anything to link their PII, and that's what I'm saying. Their identity is not connected, right, because there's nothing that connects it before, and there's nothing that's connecting it. There there's nothing on Samuraiserv or in dojo because that's what their samurai server is, is dojo. Right? And, there's nothing I know better in Bitcoin than than dojo.
Right? There's nothing in Dojo that can that says, oh, you know, BTC, XLCO's, XPUB, like, boom. There's nothing that connects you from within their server, so there's nothing that can connect afterwards. Right? And there's nothing that can connect their identity. When you're talking about identity in in particular, now spending behaviors, whatever. Sure. But if they they need to have that other information, they need to have who that what that other addresses do. Private practices
[00:21:06] Unknown:
going forward, for sure, but it wouldn't necessarily be it they don't need to do the work of law enforcement for them. They can just say, okay. We have an ex pub. Here's a bunch of addresses which aren't linked due to chain analysis anymore, but we can provide you an XPUB, which will link certain addresses. Now it's a separate issue going and finding the identity that is attached to those addresses. That doesn't need to be an additional risk. Like, if you have to sign in to Samurais and upload a picture of your passport too, that would be a separate problem. Like, that's not you don't have to do that. I mean, hats off So the fact you don't have to So the argument is that someone's going to hack samurai server, a privacy server, the threat model.
[00:21:44] Unknown:
The That's one issue. Another is that there someone's gonna hack them and then just turn over all of their stuff to law enforcement. So law enforcement or chain analysis can link all of these xpubs or one xpub or whatever. Like, that's the that's the threat model that someone's gonna do that. Like, WhiteHat just, attack all these users. Because what it really what it really comes down to is that law enforcement, chain analysis, any of these companies, right, they don't have expos. They don't have that information. Right? The the users that are using it, like, wallet How do you
[00:22:18] Unknown:
that is what you need to explain to me, how you can be so confident in that assertion.
[00:22:41] Unknown:
If anything happens. Like, they it it's in it's been in their terms of service from the beginning. Right?
[00:22:48] Unknown:
Mhmm. Yeah. But are you saying that's entirely because they're bootlickers rather than the fact that there's pressure on them to do that, and they've just bent the price down the road? Said that they were not pressured to add in blacklisting. Like, you could go on a whole thing about what's stopping, but Right. We can conclude that law enforcement are definitely paying attention to things like CoinJoin. Right? They're not just letting it go past without any interest.
[00:23:14] Unknown:
Well, the the real threat model, and I'm wondering if you guys would agree look. I I think you both agree that obviously using your own note is preferable here. But the the real the real threat model with the light client mode is you're not just trusting samurai to not be malicious. You're trusting them to be able to keep their server secure. So if their server gets compromised, and we already know that maybe 90% over 90% of new users who come into Bitcoin are coming in via KY Seed Services, where they're uploading their passport, giving their Social Security number, taking selfies, putting their mailing address and stuff. If the server gets compromised by some government affiliated agency and then gets coupled with KYC information, then that entity can go and unwind the collaborative transactions.
CoinJoin can unwind those transactions because they have full sight into the rounds. Do we both agree on that? Mhmm.
[00:24:13] Unknown:
I mean, yeah. Yeah. If you have someone's ex pub, you can see, like, all the all the history. Like, that's And, like, the deposit address would be a a KYC'd
[00:24:22] Unknown:
attached
[00:24:23] Unknown:
to POS. The only thing I disagree with that you said is that, it's better to run a full node. My flat out assertion is that it's required. It's not better. And that's that's also just
[00:24:35] Unknown:
if you try to make something like that required, right, people just miss out on the tool. Right? The tool still work. Like like, it's trying to say that CoinJoin, which is the whole point of it is to obscure the blockchain. Right? Obscure transaction blockchain or a collaborative transaction. And by you trying to make an assertion that if you're not, that you have no privacy, that's saying that it you don't even get any sort of gain, which you do. You get immediate gain, right, from having this transaction because the only way the own and only in this fairy tale situation is that if they get compromised. And if they get compromised, you could easily move those funds to a brand new wallet that's backed by a node and then mix them again. You can do all of those things if you're really that concerned. But, honestly, like, the the threat model the threat model the current the current threat model is against chain analysis, right, and against people just looking at the blockchain.
Does does does does does Whirlpool give you that this is what I need to know. Hold on. I need to know that. Does Whirlpool solution. Does Whirlpool give you transactional privacy, right, on the blockchain?
[00:25:48] Unknown:
You can make some assumptions about it. I mean, look, with a theoretically perfect hold on. With a theoretically perfect coin join, if best practices are observed by everyone involved, and it's something like join market where there's, you know, where we have a superior approach in almost every way. Just saying, oh, I'm not a wasabi, and much preferred coin market. I'm saying if other people engaged in the coin joint don't observe proper practices and link UTXOs again, that ruins your privacy too. So there's no such it's a very approximate way to get privacy into a system that's public by design. Privacy is a huge issue in Bitcoin. It's really difficult to see how know why join market's privacy doesn't if someone has really poor practices,
[00:26:30] Unknown:
it it ruins their privacy because you're only mixing you're doing basically just one collaborative transaction. Right? Like, you're not doing you're not having 5 people, and, like, yes, one of those 5 people could screw up, and then everyone else is still remixing. We have far more liquidity and Whirlpool than we do in joint market. So as those numbers go up, you're just hiding in a in a a far bigger mix. Right? People are mixing the cold storage and leaving it there. It's just continuously getting gaining privacy because people don't know who those transactions are, like, who those UTXOs are from. Right? So your your theory that, that you're gonna get better coin joints from joint market, that's also very silly.
And one person could ruin that versus one individual practicing bad habits, which are preached and and explained thoroughly multiple times by hundreds of people in, in the samurai community. Right? And, like, we don't do the spend all. There's so many, like, red flag or pop ups that happen when you try to hurt do something that would harm your privacy in the samurai wallet because they know that at the end of the day, some users are gonna do something stupid. Right? But it's not going to ruin everything for everybody. Right? It's not going to unwind everything. Right? You still have far more, privacy, and that this is a totally different topic, but you're getting more privacy from from that than you are in join market. But the the It's pro Like, that's that's, like, laughable to me. But the private it's coin join. It doesn't
[00:27:55] Unknown:
it doesn't completely do it with one mistake from one participant. It's just an assumption. Right? Like, you have you engage in a round with a 100 other people. You assume that 20 of them are at the FBI, another 10 of them are gonna remix their UTXOs afterwards, and you'd be more pessimistic as you like, or you engage in more rounds afterwards, and you go, okay. I feel pretty private now. But this is the whole thing. It's all very approximate, which is why you don't wanna shoot yourself in the foot by using something that's designed
[00:28:23] Unknown:
in a compromised way in the first place. Like, you're you're what you're saying about Sam Okay. Do you know why let me let me just stop. So there's a specific reason why Samurai Wallet opted to to do the server mode. Not sure if you if you know the history. Right? So Samurai Wallet's been around since before, the the user activated software. Right? So that was why. And they allowed a trusted note option where you could connect to connect to your your note or or whatnot. But, sorry. I didn't mean to keep clicking my pen, Matt. But the whole I told Zalco to stop clicking my pen. He did. I I've been clicking my pen. I'm sorry.
But the whole point was that people were running people were running light wallets. So they came from a time period, which I know is hard for everyone to to understand now that we have, you know, everyone. There there's too many node node projects now, for people to think about not running a node. But, like, there was a time when the majority of users didn't run their own node. It just wasn't a thing. Right? So they said instead of using a an an Electrum style setup where, you're gonna be connecting to a random node to fetch your balances, why would you give away that information?
At least, at a minimum, you can trust us because you're already using our software. That's why that that model is there. It's not because of, like, some other thing. It's the fact that most users understand that trade off. Most users who are using LightWallet are either starting out like that because they don't have a node. Right? And they're okay. They wanna try to they wanna see what's going on, and then a majority of them switch over to a full node. Right? But the idea is that if you take away something that gives them that immediate privacy because there has not been a leak, there hasn't been a hack, you're still going to be able to to transact privately, right, detaching away from that initial whether it was KYC or that initial transaction.
Whatever the previous history was is gone. Right? Like, you you actually have that unlike in in other coin join attempts. Right? You actually get that deterministic links are actually broken in Whirlpool. So moving forward, they have that privacy. They can do what they want. Right? They could they harm themselves? It's very difficult, but could they? Sure. But at the end of the day, you're talking about in this in this fairy tale situation where samurai gets hacked and everything is is to shit. If that does happen, it's bad for everybody. Like, it is bad for Bitcoin if that happened and everyone who was a light wallet user with the with the I chose a pet. But they're not well, why would you change it now and force all users to run an a node in order to use their mobile wallet?
Forcing Well, you don't have forcing users to do that is not is not something that, one, they need to do. Right? Because most users wanna transact, like, at the highest privacy level that they can.
[00:31:14] Unknown:
So You don't have to they run a node. I have the game for that because it's not necessary. You can still do this thing with an SPV. You don't need to. You can just use block filters, which as you point out weren't available back when Samura's original design was done. Bit 157 and 158 solve the problem of having nodes that you have to pull data from and consequently ruining your own privacy. Block filters get rid of the full set of people to provide you the block filters. So what's your like, there's not it doesn't it doesn't fit in yet. You're trusting them with the fleet of the network, but you're not trusting them with, keeping, not keeping logs of what it is you're requesting because they don't know what it is you're requesting because it's probabilistic.
They have to make so many assumptions. You're pulling a whole bunch of data, and you're obfuscating the specific requirements. It's not like, here's my XPub. Tell me the exact history of this on the blockchain. It's, here. I need a 10,000 bits of data. One of them is interesting to me, and you've got no heuristic for figuring out which one it is. Block filters are really good. They're much better than bloom filters, but they're newer. This is what this is a good design, and you can switch to that if it's really important, which it is, to make sure people without nodes can still engage in coin joining. Switch to block filters. Does block does block filters work for,
[00:32:27] Unknown:
anything other than BIP 80 4? Yeah. Wait. So let me just jump in here real quick. So block filters are what Wasabi uses. Block filters, you have a trust trade off in terms of you you're you're trusting the provider of the block filters to actually notify you if your transactions came in, but you're not trusting them with your privacy. Now my basic understanding of the situation is that block filters are too heavy to currently implement on mobile. I even Nopara, lead dev and founder of Wasabi, has agreed with that. You know, Wasabi uses a desktop.
So I to me, the crux of this debate comes down to the fact of, should people that only have a mobile phone, that do not have the ability to use their own node, do not have the ability to use a desktop computer in general, are those people should those people get some kind of privacy gain on the ledger even if it requires trusting an entity such as samurai? And if you use join market if you use join market, that doesn't solve that issue. It doesn't solve the issue for people that only have mobile phones.
[00:33:46] Unknown:
Yeah. I just don't like the framing of it as a privacy gain because it's not necessarily a privacy gain. It can be weakening depending on whether samurai are not only trustworthy, but also just completely competent, which they can have the best intentions in the world, but accidents happen. We we need the data not to exist in the first place. The minute it does, it's it's a problem. This is like
[00:34:09] Unknown:
a a white knight this is like white knighting privacy. Like, it's not the it's not the realistic
[00:34:14] Unknown:
Well, let's let's let's bring this let's bring this to a scenario let's bring this to, like, a a real world scenario, because I'm curious. I'm curious of mechanic's opinion. So if if you're if you're if you're an activist in Venezuela and you're receiving donations in Venezuela, and you're concerned about the Venezuelan regime tracking you on chain when you're using Bitcoin. Does Samurais light client offering provide a benefit to those users?
[00:34:50] Unknown:
Potentially. And also it could be harming those users as well, like, seriously badly. And, given the analogy I made earlier, which is if you think you're naked and you're stealing stuff from a supermarket and everyone can see what you're doing, that's awful in comparison to you knowing people can see you.
[00:35:07] Unknown:
So it might be better not to have engaged in privacy at all. Hang on. I think I don't think we have a good time to do it. I wanna I wanna finish my thought process with mechanic. Sure. Mechanic, if does do you still do you still feel that way if the wallet is telling you that you're trusting Samurais server on boot up and explains the trade off to you?
[00:35:31] Unknown:
No. I I well, yes. I feel that way. Even with full awareness of the fact that you have to trust Sunrise Server, it's still I would still criticize the design of it and the fact that it's possible in the first place, but obviously that's my preference that they would warn you and make you as, like, I think people should be able to use VPNs. Right? I think people should be able to use samurai in this way. My critique is mainly that it's never characterized. It's a different kettle of fish altogether. Using your own samurai with your own node is a different model than using, their server. It's not an simply an improvement to use your own node. It's a different set of issues.
Like, my analogy for it is, like, you wanna access a website, like some streaming service at hulu.com or something, and it only lets Americans use it. So you use a VPN and you go you hop on an American IP address, and then you can watch TV. Hooray. But that's not like, a guy in Iran or something trying to, gain privacy from an adversarial government. Right? They're gonna use the Tor network. They're not gonna use a VPN. Why? Because a VPN is potentially just a honeypot and could be worse than if you just used your raw IP address. So this, to bring it back to samurai, to me feels like if you want to deposit some coins in some, you know, putrid institution like BlockFi that will censor stuff that comes from certain places.
What you would do if you have a blacklisted UTXO is you can use samurai, without a node. Right? Because you can break the link between them, and then the service has no idea that you're coming from a blacklisted UTXO. It's good for that because they're not really bothered about doing a proper investigation, just like Hulu aren't bothered with confirming that you're really in America or not. They're not gonna go to that length. But Hulu is a very different threat model from NSA or government agencies in general. They're different things. Sorry. I went a bit on track there.
[00:37:31] Unknown:
So, Zelko, you had a problem with my analogy? No. Not your analogy. You're my I have a problem with analogy. It was a thought process. Yeah. No. Your thought process was fine. Yeah. I I do like it. I just don't think that it's frank. My my, like, issue is they keep framing. It's it's the wrong framing when you're saying, people would run into a, like, if you're if you were told that you're naked in a supermarket or that you can run naked in a supermarket because you're invisible. That's that's seriously absurd. Because, 1, like, on top of that so all the warnings, right, you're like, okay. Well, one person can see me if they were, like, naked in a supermarket when they wear these special goggles because they can they're the only ones that can see me run naked. Right? So they're the only ones that can see me invisible rather because that's that was your thing. So only one person can see me invisible. Right? But if they share those goggles with someone else, then another person could see that I was doing it. Right? Not everyone's going to see that I was doing that, but only the people that have the goggles. That's the that would be a better framing of your analogy and you saying that, like, you're gonna do some, like, crazy thing because you think that ever no one can see you. But, really, you know that one person can see you. Right?
So to me, if you're gonna frame that argument I I just I still don't understand why we were talking about someone Sure. Run around naked. Not really my thing, but, like, you brought up something that I will touch on. You said it's a different model, samurai server versus running our own node. How how is that the case? Like, if I pulled up 2 transact 2 Whirlpool transactions, Right? One that had a you know, maybe I know that there's a maybe I ran a light wallet, and I I mixed it. Right? And then another one was a, you know, another mix that I ran from my dojo.
Are you gonna be able to tell the difference? If you look at if I just gave you a transaction ID, would you be able to tell me that this is samurai wall this is the samurai server 1 and this is the dojo 1? No. But that's not my issue. But that but that's what you're saying, though. You're saying they're 2 different models, and they're not. Like, you're saying that you don't gain these privacies that people would transaction transact differently, and then you're also forgetting a totally different threat model that a bunch of people in the chat have actually brought up, and I can't see them anymore to to read them word for word. But, you know, running a full node on like, all the time versus a, using a light wallet in someone else's server, Right? That also like, having all of that data pulling all the time, right, is going to be a trigger to to outside observers, right, versus if you're using that light wallet. In some countries, it's more of a risk to run the node than it is to use a light wallet.
So, like, you know, this this idea that you have that, like, everyone needs to have like, I would love it if everyone ran a node, but that's that's, one, it's not realistic to the world scenario that certain people live in. And 2, when you take that and you extrapolate to also block filters and people in shitty countries that are I guess, it's not a shitty country if you live there. I'm sorry. But in these underdeveloped countries, and you are trying to download block fill like, bloom filters to pull all of your information, which takes forever anyways, then on top of that, you have the these incredibly deep wallets, you know, 10,010,000 plus, deep wallets.
Like, I have one that's new, and it's at 10,000. So 10,000 plus, UTXOs, and I have to wait for the bloom the bloom filters to come through. And it doesn't work for all the different address types. Well, I'm sorry. Like, that's that's silly. Like, I don't know why that's even mentioned. But, yeah, it's not 2 different models because they literally provide the same exact transaction. And no one using it, no one no third party can sit and look at the blockchain and tell me and because that's what this is about. It's about, do you get blockchain, transactional privacy? You do. Right?
If you somehow if somehow you were using Samwise server and your shit got like, their server got hacked, like, then you should take the appropriate steps, which should basically should be moving your funds if you didn't already spend them. Move your funds. Yeah. Right to the index club, right, and back at Vidyoja. But, like, everything else right?
[00:41:50] Unknown:
Wait. But let me Zolka, let me ask you. How would you know that they got hacked? Would are you just relying on them telling us? What do I trust to disclose something of that severity?
[00:42:01] Unknown:
Yes.
[00:42:03] Unknown:
But what if they don't?
[00:42:05] Unknown:
Then my like, I had that much trust in them just like you guys would disclose anything, like, similar to that as well. Right? Like, people buying stuff. I mean, we both we both are in companies that sell nodes. If if our server got hacked, would you not do the moral obligation? Wouldn't you have a moral obligation to tell your users. Correct? Like, that's of course, I'm going to trust them. If they didn't if they didn't, then then, yeah, that's on me. Right? Like, if it like, I made I took that chance. I took I accepted that that risk of using a light wallet.
They I mean, like, not to mention that they're one of the few I'm not commission. They don't have a few, like Right. Developers that has a canary. Right? So if that canary is not updated, then I know that that they've been compromised.
[00:42:56] Unknown:
But we have aren't canary at start 9, and it makes me laugh every day because I can't believe anyone actually takes these things seriously. You're expecting the FBI to go, hey. And by the way, you can't tell anyone that we've approached you. And you go, uh-uh. We've got a warrant canary. We're gonna take it down. And they go, dagnabbit. You got us again.
[00:43:17] Unknown:
Work. Oh, warrant canary. That's not how warrant canary and carries work.
[00:43:21] Unknown:
Look. If you take it, you're supposed to be able to Yes. I no. I know how Warren Canaries don't work. They are security theater. Okay. But how do they work? How are they supposed to work? In theory, they're supposed to get around the fact that you can't disclose that you've been approached by law enforcement, but you can remove something that says you've never been approached, and that gets you around the fact that you're not actually telling people something. You're removing a statement, which is not in and of itself speech. So
[00:43:51] Unknown:
you're saying that you would modify the warrant canary? No. Isn't the way warrant canary is The warrant canaries would work is that I if I got approached, I wouldn't re I wouldn't renew my Warren Canary. Yeah. So in my Warren Canaries
[00:44:03] Unknown:
update. You constantly update Warren Canaries.
[00:44:05] Unknown:
Kinetics and ideas that But in the months, no one gives any attention to Warren Kinaries because Samura themselves made a Warren Kinary that says if we ever incorporate, I think their wording was anything that isn't Bitcoin, we've been hacked. Then they implemented Monero. Implement Monero. And they ordered. But they didn't implement Monero 1,
[00:44:23] Unknown:
2. Like, this is like, my I know I said on Twitter, like, you're out of element. This is one of those times. Like, you're out of element. They have not implemented there's no Monero in the wallet. They've never implemented anything that Yeah. Yes. That, like, puts Monero on the wallet. K? So, like, when they're talking about, when they're saying that, they they actually mean putting a a an alternate coin into the wallet. Sure. Right? Okay. Let's go look at their warrant canary and understand what they're actually saying. And warrant canaries work by saying that you're not going to reinstate or renew that warrant canary after you've been approached. And there's not that's not a, hey. I have to go and tell everybody. That's just a silent means. Right? Weren't a canary in the coal mine. It is a way to disclose to the community and all the users we've been compromised or something happened, right, and we didn't update it. Okay. But Because they can take your social media. They can take everything else, but they can't force you to renew, right,
[00:45:22] Unknown:
to renew that that same warrant canary. Let me just jump in here real quick. I think both of you agree that you have to trust samurai to under to know that there's a breach and to disclose that there's a breach. Mhmm. I think both of you guys agree on that statement. Correct? Yeah. Absolutely. Yes. Whether that's through a Warren Canary or through a Telegram message out to a trusted
[00:45:55] Unknown:
and it comes down the the reality is that this whole thing comes down to to the client portfolio. This comes down to people, needing they need a, they they need the privacy from, you know, from their government or from what whoever else, right, from law enforcement, and they're willing to accept that. And I know that because I've, like, specifically talked to tons of people, right, from other countries that don't that that do not trust their government with anything. I mean, most people don't trust their government. They're Bitcoiners now, but, they specifically they fear the government more, right, than this, you know, crazy weird threat model. K? So, like, people in South America don't give 2 shits about it, and it costs more, and it's more obvious that they're doing something nefarious, right, or suspicious rather, if they are have this huge influx of data being pulled at their house because they're running a node.
Right? They're downloading the blockchain like that. Those are things that they worry that their government will be more keen to than using some mobile wallet, right, in a light light wallet mode. So, like, when we talk about that and and even, like, you know, you can you can extrapolate to anybody that's, like, you know, an uncle Jim. It that's a threat model. I don't care. Like, you we can say whatever we want. Uncle Jim's great, but is it a threat model? Sure. If we're gonna play play the game, then play it all the way out. You know? Like, every like, your your idea is that, is that everyone like, every wallet should be ran by your own node only. Because if you're not saying that, then every other wallet is is also fucked.
[00:47:36] Unknown:
No. I'm not saying that. I'm saying you need to run a node if you want to use samurai in a way where the Chaumian blinding is not a larp.
[00:47:46] Unknown:
Is not what?
[00:47:48] Unknown:
A larp, l a r p. Sorry. My English accent is sort of off. So it's LARPing. Right? Because
[00:47:55] Unknown:
what they don't know, those other people, if they didn't have the chimney and blinding, which for those of you who don't understand, that is how, that's the coordinator, the blinded coordinator that's creating the transaction. Right? So and you you can tell that this happens in your Samura wallet. Right? Because after your your mix right? Before you mix, you have an IP address. After the mix, you it says you have a new Tor sorry. You have a Tor identity. And after that, you get a new fresh Tor identity after the mix. So what you're saying is that that tour or that coordinator is a LARP because it has it might have a user in that 5 person mix that is using a light wallet. That's that's the stance that you're taking?
No. Not necessarily. So you're just saying you're just
[00:48:43] Unknown:
And the coordinate hold on. I'll characterize it myself so that it doesn't get wrongly framed. I'm saying that having show me and blinding in a setup where you have to trust the coordinator with your ex pub in the first place, you're you're obscuring something, and you're revealing it at the same time, which is stupid. Why bother obscuring it if you're going to reveal it? Not every user is a light wall user.
[00:49:11] Unknown:
I'm not talking about the other user. It it has to go in for all the anyone that's putting in the input. Right? Anyone that's that is partaking in the mix has to get blinded. I guess they don't have to. Right? They could just choose to not have a blind coordinator. They could just have a a clear and obvious coordinator, but they clearly don't do that. Right? Because that wouldn't Oh, they're blinded from each other. It's blinded from them and from everyone. The only time that they don't that that doesn't correlate over, that that what my statement isn't true is for this case for the light wall because they see that the UTXO after. Right? But what you're what you're saying, right, is that why why do the the blind transact it's because not every wallet in there. They're not picking people. They're not saying, like, oh, this is gonna be a all light wallet, a samurai server mix.
[00:50:03] Unknown:
Right? So From the perspective of the user that is running a light wallet, they told me an element becomes something they just can't rely on.
[00:50:12] Unknown:
But, like, you're not I I don't understand your what your point is. Like, you're trying to say what? Like, that that the blind coordinator doesn't matter to these people? It doesn't matter to anyone? Like, I I don't think I don't understand because like, well, it uses mixed with Dojo users. So I don't understand your point. For the people that are using Dojo and Sparrow and all that because they are mixing with people that aren't really mixing or at least aren't getting proper privacy from their mixes. How do they not? See that you keep saying they're not getting proper this is where I I, like, get frustrated because you keep saying a proper proper privacy from the mix. They are.
They are. Until the day until like, you can come back later and tell me later on, like, I told you so because SamRack gets hacked. But until that happens, you gotta tell me how on the blockchain, how these people do not get privacy from going through Whirlpool, whether they're on LightWallet or Dojo. Right? They or Sparrow or whoever. They're all they're all mixing together. It's one liquidity pool. I don't understand why, guys I don't understand how in the immediate moment right now, there's never been a hack. Right? There's never been a hack. There's never been anyone arrested using Samura Wallet. There's never been anyone, like, taken down because they use trace through samurai wallet. So I need to know how this is an immediate threat model and that these people are right now losing privacy. They're not getting privacy when they're going through Whirlpool as a light wallet user because everything else that that if I look at any sort of Whirlpool transaction, I can't fucking tell if it's if it's a LightWallet or if it's a Dojo user. So I need to know how they are losing right now. Like, not not in the fairy tale situation.
Right now, how are they losing privacy? Because that's the statement that I have an issue with.
[00:51:59] Unknown:
Yeah. Sure. But, I mean, you're saying they've never been hacked, and I'm saying how do you know?
[00:52:04] Unknown:
Because if you don't think that Ceramic would have gotten hacked, number 1, we would have seen arrests. Correct? Why else why else would you hack a privacy wallet server?
[00:52:15] Unknown:
For the same reason you let people stay inside criminal organizations
[00:52:19] Unknown:
as rest. So just to sit there and and let them continue to make money. And, like, you don't think that after all of this, like, you really think that I mean, like, I gotta say, if you if you think that Samwise Wallet I mean, basically, what you're saying now is that Samwise Fed, That they're comp that you think that they're potentially compromised and that they would just continue to develop and operate as status quo. Right? I yeah. But then Guys, I think That's we've already
[00:52:50] Unknown:
insane. We need to pull this back because I think we've already all agreed that that you have to trust samurai to know that they're compromised and to admit that they're compromised. We we this is part of the trust model. I thought we've all agreed on this already.
[00:53:07] Unknown:
Yeah. I definitely agree with that.
[00:53:09] Unknown:
The I wanna I wanna bring it back to another real world scenario for a mechanic, and then we can continue. So you're you're you're an employee in Spain, and you're getting paid by your boss. You only have a mobile phone. You receive your payment to Samurais. You don't use your own node. You use Whirlpool collaborative transactions so that your boss doesn't know your spending habits. Is that an improvement over not having samurai like client mode?
[00:53:43] Unknown:
Yeah. Absolutely. Like, there are certain circumstances in which you're comfortable with a VPN knowing your browsing habits, but not your ISP. And that's exactly comparable to using Samurai instead of just doing everything on chain. I mean, when I say on chain, I mean, without any sort of privacy practices at all. So wouldn't that warrant the light client mode existing? As long as the risks are explained to users? Yeah. I'm I'm happy to walk back from my original, post on Twitter and say there are reasons to use it. Just like I would say there are reasons to use a VPN. I just don't want people thinking that using Tor is better than using a VPN. It's totally different. It's not, it it changes the whole model of what you're doing, and they are in different worlds even though they look similar. I think it I think the analogy holds up pretty tight. Like, samurai, like client usage, is like using a VPN. It crudely gets around stuff, but you're moving trust, to something else rather than getting rid of trust, which is obviously better. It would be great if we didn't have to trust samurai at all and still be able to use light nodes. That would I'm sure you agree, Zelco, that if you could use samurai without a full node and didn't have to trust them at all and not just go, they've probably never been hacked. Like, it would be a lot better if it was like, yeah. If they got hacked, it doesn't matter because they don't have any valuable information.
That would obviously be better. Right? I'm sure you agree with that.
[00:55:14] Unknown:
I mean, like, is there sure. Like, if there was no if there was no server and everyone you know, they had a different model, maybe. I mean, I would have to see what other potential options there are. And right now, there are no other potential options that serve the mass amount of users, right, to serve the people that can't that can't or don't run nodes, but still need privacy. So the until there's a solution that works, which, as I've already said, bloom filters would not work. And I know that SamRite Wallet would love for there be a solution for that not to be there. Like, they wouldn't develop the stuff that they have. They wouldn't develop Dojo if they wanted people to just stay on their server. Right? Like, it it's it costs more, right, for them to run a server and beef up at the server, add more, add more, like, like, hardware to their server, right, so that they can provide for all of these different people. Their server cost would go down if they didn't have to provide a server to people. Right? So it's better for them. They like that people run Dojo. They've always told since they released Dojo 1 point o, and I'm glad that I've been around since then, they've always wanted people to just run their node or to run Dojo.
Like, they don't want people to be on there. Everyone and that's why and you see it. Right? You see it because stuff is set up that way. All, obviously, all the warning signs. Right? But, like, then you go into, like, the actual remixes in Whirlpool. People who are remixing are generally who? They're generally people who are running a full node. Right? Because then you can just let it sit 247, and that's how you get those remixes because it's just running in the background. Right? If you have to keep it open on your phone, you're not gonna you're not gonna get mixes. It's very rare that people get mobile mixes, right, because of how big the liquidity pool is. So, like, to me, everything indicates that they want they they would love for a solution to be there that would actually work and provide the same level, same user experience that they have right now.
Right? I I can safely attest without being being, like, in on their team that, of course, they would want something that would work better, but right now, there isn't.
[00:57:30] Unknown:
Okay. So, first of all, I said it earlier, but we were talking over each other. I just wanna clarify. Bloom filters are old tech. It's different than block filters. But block filters, as it currently stands today, are too heavy to use efficiently on mobile. I think you both agree that if if you both agree that in certain situations, if the trade offs are made clear to users, the light client mode, the the ability for mobile users to to use transactional privacy tools to get additional privacy under a certain threat model, is valuable to certain users.
And then I think you both agree that in a perfect world, that light mode, that mode without a user using their own node would not disclose transaction information to samurai servers. I think you both agree on both those statements.
[00:58:36] Unknown:
Yeah. Pretty much. I mean, what, throwing back to what you said a minute ago or actually quite far back with your question of, you know, if it comes with sufficient warnings and stuff. I mean, I don't know, what the warning is on Samurai exactly, but my thought on that is that if the warning exists that says, oh, if you're not gonna use Dojo and you're going to you're going to trust our server, in doing so, if there's ever a breach on our side or if we're bad actors, the privacy you have here can be completely undone. I just don't that would be the warning I would put on there, but I just don't think I would never develop the software and put that warning on there and just go, should I just get rid of this feature altogether? Because the fact that it's so bad means I'm basically telling people not to use it. Like, that to me is a a a a fair reflection of what you're offered when you use it with a light client. And I think it's you say, Zalco, that they don't wanna be, hosting people all the time. They don't want people to be using their server. They want them to use Dojo. I'm like, okay. Great. Then we agree. Get rid of the feature that allows you to use a light client at all. You can't. Like, you you can't just get rid of something that negates out,
[00:59:48] Unknown:
like, potentially 1,000 or however many. The a mass amount of users who are using light wallet because they have to. Right? You're taking away people's ability to to have on chain privacy that we've already discussed, right, because of what it looks like, right, because of, you know, this this niche, potential, like, potential thing to happen, which which they disclose. So, like, I don't know. I I, like, I don't see why like, I I don't I don't see the benefit of taking away a tool from people who need it. And that's really what I mean is need it. Right? We have a lot of people who who try to who, like, wanna take privacy seriously, but they don't actively need it. And then there are people who need it. There are people who live in countries where they need financial transaction privacy transactional privacy. Like, they need it versus, like, I'd like to have privacy.
Right? So, like and I'm not saying I want everyone to be private, but, like, there are people who, like, life and death need need these kind of tools. Right? So you don't need So what so so as I've said as I've said, right, there are plenty of of other trade offs to running the node that's just as as risky as trusting Samura Wallet. They understand the threat. That's that's why people still use it. Like, if you think that, like, people who are in those risky situations will look at the trail.
[01:01:19] Unknown:
There. I'm saying that if privacy is that important, and I agree with you it is, it's life and death in some situations. The last thing you should do is be trusting a third party with that information. But it's not a third party.
[01:01:30] Unknown:
It's them. You're trusting the wallet that you're using. The wallet could be nefarious. Like, any any other wallet, like, I could use Not a problem. I could use the name of wallet. About the fact that people are using a binary that they can't reproduce and be build, pull from. Okay. So then we'll go to a different foot. Do we wanna transition to that one? Well, if you like, but it's a different issue. Sure. It's a different it's a different, you know, goalpost. Sure. Well, I don't know. Because, like, I've built it from source, like, using like, actually using the tools and built it from sources, YouTube videos of people building it from source and reproducing the actual, APK. And then there's people that actually understand how Google APKs work.
Right? And how the reproducibility doesn't mean shit. And it's a really stupid conversation to even be having, to be honest. Because if you really don't trust the the Google APK and you wanna use the the correct APK, right, you just go to their source. You check their, you do a checksum on, their actual release from their website, and you download from their website, and you check the code and make sure it verified just like you would for any other desktop wallet or anything else that you use. Right? So you could do that, and you would have the reproducibility that that you wanna complain about. Right?
And, otherwise, like, the like, this conversation is totally separate.
[01:02:50] Unknown:
I agree.
[01:02:51] Unknown:
Okay. Because reproducibility on a Google APK is the is the most bottom bottom of barrel thing, and it's been so over it's been so, such a shutdown conversation. Like, we've debunked that so many times. I've debunked this one so many times. It's it just blows my mind that, like, that that's why like, if if, like, my if my debate was enough and then we had to transition over to reproducibility, it's like, okay. Like, I mean, we can we can hit all the fun. I don't care. I've I've been doing this for a long time. But just understand, like, the reproducibility thing,
[01:03:31] Unknown:
is I I'm not saying
[01:03:33] Unknown:
and led by a person who has a personal vendetta, like, against against Samuari in particular. Right? But,
[01:03:42] Unknown:
it's old FUD, debunked FUD, and it's not even, like Right. Again, I wouldn't characterize my position as, wanting to throw FUD, and it comes as disingenuous and hateful and all that stuff despite my original tweet. What I want to do is love it and encourage people to use it, and I'm close to being able to do that. There's one feature that I think is doing more harm than good that if it could go, would be a net win for privacy in the whole thing. Like, I'm Yeah. As I said, let me like and celebrate a bunch of the decisions made in the development by samurai. I like, Sparrow. I like your project running Dojo. I like these things.
What I have an issue with is one element of it and how it's characterized. And you've impressed upon me over and over again the life and death, the importance of privacy. And I'm saying, exactly. If privacy is that important and the difference can mean your death, then you can't ever tell people unserious solutions that might have an issue. Like, you need to be as forthright as possible. Like,
[01:04:39] Unknown:
there's no Which which they are. So the I mean, that they are that forthright. Like, that is that is well, like, I mean, that you can have your opinion, but you you've already said that you haven't seen the warning. You haven't seen any of the pop ups. So I encourage you to, you know, download the wallet, start a new wallet, try to connect to their server, and see all the all the warning signs that come up, in addition to the fact that there's, you know, been 0 arrests or 0 issues with any of it. Right? So, Yeah. I I, like, I had a I had this point, and then you threw me off with that last one. But, yeah, I'm I'm just still kinda baffled by the fact that we think that it needs to be a node backed only, because it it doesn't take away from anything that a third party sees. Like, it just a third party would need to actually have the information that you're talking about.
Right? I want everybody to run a node. I hope everyone does. But, it's it's just like you said, it's it's not something that can actually work in all the countries. It's things that in other countries running the node could be the thing that gets you compromised, right, which we don't we like, you keep passing over. Right? So what do you tell those people? Like, that their their Internet, usage is is, what's called, monitored. What do you tell those people? Sucks and suck?
[01:06:11] Unknown:
No. I'm not saying that samurai with a light client doesn't have a valuable,
[01:06:16] Unknown:
place for people. But you can't use the the tools?
[01:06:22] Unknown:
Yeah. I don't have a problem with people. The their threat model is if I run a node, I'm in trouble, but I need privacy anyway. Then, yeah, their best bet is likely somewhere with a not like client.
[01:06:35] Unknown:
Okay. So, I mean, that it's exactly what I've been arguing this whole time. Yeah. That I don't think so. People need it. Some people don't have a choice, so you can't take away. No use case, Zalco. I'm saying that
[01:06:48] Unknown:
just like using a VPN to get around geo blocking, it's not the same thing as using Tor. They're they're just not the same.
[01:06:57] Unknown:
Okay. So so now Samurai with Zoho is Tor, and samurai wallet is a VPN?
[01:07:05] Unknown:
Yeah. I really think that analogy holds pretty tight. Oh, by the way, this douchebag who just asked, sorry. That's his real name. Is Ronin Dugger available in the Start nine marketplace for one click install? I'm sensing some underlying tension here perhaps for business reasons. There isn't this is a I should say really clearly, I'm not talking for start 9 here. I'm talking, on behalf of just myself, and there are people in the Start 9 company that actively really like Dojo and want it as a part of the Start 9 stack. I don't know if it would make it into the official marketplace that we offer, but, you know, it would definitely be available in the community marketplaces that are, I guess, coming.
[01:07:45] Unknown:
Yeah. There there's no, business tensions, to be honest. If there was, there'd be there'd be a whole another thing. But we had we had that note debate before.
[01:07:58] Unknown:
Someone else was in online.
[01:08:00] Unknown:
Just to be clear to the podcast listeners, that that was that was a freak named this douchebag on Twitch that he responded to. I just want everyone to be aware of that. Yeah. I wasn't I wasn't a reminder to Velcro.
[01:08:14] Unknown:
Someone will talk to you as dot 9 open source. Depends on how you define it. Some people say technically No.
[01:08:21] Unknown:
Don't do it. Don't do it. Don't do it. Just say no. Just say no. It's okay. It's okay. We've been doing that help. Just don't
[01:08:29] Unknown:
I'll tell you that it's this is what's good available, so you don't need to trust any of the buyers. Available is not there. It's not it's not fully frost, but it is on a rolling window. So every few months, all the releases become full frost.
[01:08:44] Unknown:
Yeah. That's so it's not yeah. Okay. So I have Wait. We're not having this debate right now.
[01:08:49] Unknown:
If
[01:08:50] Unknown:
was not we had a very long conversation about this until dispatch 26. If anyone listening wants the answer to that question, just go back to Citadel dispatch 26, and it was very
[01:09:03] Unknown:
Yeah. Every different we have. But I'll tell you matter of factly what's what exists, which is the source code exists. Go use it. We'll help you build if you want. If that's not good enough for you, fair enough, but it it is what it is. I'm not trying to misrepresent it. Yeah.
[01:09:17] Unknown:
Yeah. It's
[01:09:19] Unknown:
okay. Great, boys. Look. I think I I I think everyone here is more or less on the same page, and I don't know if going further really is productive at at all, unless unless you guys have something specific you want to touch on here. But but my my understanding here after this hour is mobile privacy tools are are useful to users. It's good that we have mobile privacy tools. Some users aren't gonna be able to use their own node. Going forward, it would be best to minimize the amount of trust in any company when it comes to using those tools. But right now, it does require trust in Samura.
[01:10:05] Unknown:
Yeah. So good, better, best. Right? Like, good, use Bitcoin. Better, use Sami Wallet. Best, use Sami Wallet with, with your own Dojo. Right? Like, I think that's pretty straightforward and, and easy to to digest. If you really don't trust all that stuff, right, like, then run your own. Like, it's it's really that easy. I've like I said, I only had an issue. I I mean, I have I I don't mind. I want people to run full node. Like, that's why I've I've helped other node projects. I've done a lot, and I've I always wanna harp on that. But the reality is that we need to, we need to provide tools. We can't leave people out just because, and people are going to make their own decisions no matter what.
It's important to remember that, you know, there's never been any any arrests led from a Whirlpool transaction or from a samurai wallet user that's been reported. Right? There's there's never been people, like, found on mixing their nodes, anything like that. When there's an issue, there's something that's been disclosed. Right? And and so when it comes down to this, like, some people need it, and we're not gonna take away like, I would not advocate for taking away a tool, to people that that need it, and they need to only use a mobile wallet. And then, you know, on top of that stuff, like, it's it's great that Sparrow has it as well. They also if they're a Lite Wallet user, or let's put it frame it I'll say light wallet. They don't have their own node, but they still use Spare Wallet. Right? You're still trusting a node to have have your information.
So it's just important to to keep all that kind of stuff in mind that there's a risk trade off with everything that you do. Understand the risk, and figure out what's best for you. Right? And, you know, if if you find that you don't wanna trust Sami Wallet using a white wallet only, great. You run run-in dojo. You can run it, you know, you can run it on whatever device that you, you you know, whatever single board computer that you want, or you can buy a Tanto or whatever that that we have available. But, ultimately, on chain, no one can tell the difference between someone that got a mix as a Sparrow user, a Samurai user, or a, or, like, a, run a dojo user. So, what it comes down to is what does the blockchain say, and are we are we protected from chain analysis and law enforcement?
And that answers yes. So use the tools. That's that's definitely what I would have I would have to say with it. And if you really don't trust any of that stuff, use the stonewall stowaway. We had a good time doing some live demos at Bitblock Boom. So, you know, use the tools. That's what's most important.
[01:13:18] Unknown:
Should I, sort of give a summary of my position? Yes. Yeah. So I think we're seeing a lot of, attention from law enforcement now. Obviously, the the debacle with Tornado Cash was sort of a a wake up call for a lot of people. Like, a lot of developers sort of, if you read between the lines, said, that's it. I'm not working on Bitcoin Core anymore. And, you know, you make the assumption that they might come back as anonymously or something like that. It's not as if we don't have good precedent in this space for, if you're going to develop controversial software, do it anonymously, like, I mean, Satoshi, obviously.
So that being the case, don't paint a target on your back if you are with the best of intentions and a good actor, like in the best case, so now, samurai is. The fact that they have this data or they have the potential to keep hold of the records of that can unmask some of these not unmask to be phonetically correct, just to undo the effect of the coin join as a separate issue from then connecting an identity to the whole list of addresses you get. If they have the intention, and they certainly have a history of doing stuff like this, law enforcement, I mean, don't give them the opportunity to do it. And I'm really sure that this is encapsulated well with the adage of can't be evil is greater than don't be evil. Like, you don't want privacy policies. Like, is is someone gonna come out with a statement saying, we we promised to not leak your I mean, they effectively have. So I'm saying, I think that the the trade offs for this thing existing, I while I do acknowledge, the use case that some people have that can't afford to run nodes, I think it's pretty niche, to be honest, that running a node would get you in trouble and that somehow using Samurais, with a light client somehow gets you around that.
I mean, we're talking 500 gigabytes. It's not a lot. That's like a couple of days on YouTube or Netflix. Like, if you're connecting over Tor, you should be alright. And given that you need Tor to use the summary thing in the first place, then I don't really actually, I I think I'm gonna take that back. I don't think I appreciate that there are, use cases for using samurai in light mode, because you can't run a node without getting in trouble. I don't really think that's a valid argument. So, I take back that olive branch. I think I'm just gonna say that I think the effect of it existing, if we love samurai and and appreciate the team, they are just painting a target on their back, and we know that controversial software like this, attracts law enforcement and gets people in trouble all the time.
So don't do it. But given that's not really my position, I don't I don't think that. I think that, potentially, it's a lot worse than that. That means I would just advise people, let's not use, you shouldn't use samurai in a light mode at all. And the fact that it exists, makes me question, a lot of other things about the project as a whole. And it's not like every project in the world or any project is perfect. There's going to be compromises in the design of everything or just the sort of political choices. Like, wasabi is obviously compromised in a lot of people's heads just because of the choice they made to comply with law enforcement.
So, remember that. Yeah. That's pretty much my position on it. I would advise people not use, I would advise people not use the like client because I don't think it's serious privacy, and I would advise people not use, other things, where they use samurai without relying on samurai servers, because in those instances, they are mixing with people that are potentially, leaking their xPub, and thus, the coin joints become something that can be partially or fully undone, which, gives them, a far weaker assumption of privacy than if they were to use something else like joint market or Wasabi.
[01:17:13] Unknown:
Man, I knew that one was coming. Hold on real quick. So, again, it's not been any so I I just, like, I fail. I'm not like, I wanted to end with this, and I'm sorry, Matt. But, like, I fail to see how anything's being unwound. Right? Or people are losing privacy by mixing with with, semi server people if there's ever been a hack. There's never been any people getting arrested, which you would see if there was a hack. You'd see people getting arrested. You would see things happening. You would see any shit in the news. Right? Because that would take down their monetary, their financial means of of maintaining themselves. It's okay. You should still assume you should still assume. You can you can assume that that everyone's salary will be compromised. Sure. At some point. Sure. Sure. You I mean, you could you could assume that. That's fine. It's a safe assumption.
Sure. Yeah. Yeah. But, like, it it still goes back to this, like, point of, like, when, one, like, you mentioned, it's better for people to use Wasabi Wallet, over Standard Wallet. 1 works with like, openly works with chain analysis, and has terms and services. Does it they will they'll they'll work with law enforcement, versus one that doesn't even have a terms and service. Just use it what you want or fork it and do whatever you want with it. Build it from source. Do whatever the the hell you wanna do. And has implemented all the tools to make it so that you provide no no information to them.
Right? The minimal amount of information possible. And then on top of that, I I fail to see how that unwinds people's mixes, and that's only in this fairytale situation that something bad happened and that whatever. So, like, I I just, like, you know, I figured we that it would shift into that. But, like, to to think that, like, the the majority, right, the majority of a mix is to even think a majority of the mix is,
[01:19:20] Unknown:
is light wallet users is pretty silly. Yes. I question the one. I can't juxtapose or reconcile these two things. On the one hand, sorry to drag it out. On the one hand, I'm saying you're telling me that privacy is life and death, and on another hand, you're saying a real situation that could compromise the privacy is just fairy tale. That's the thing where I'm like, I don't think you're being serious about the risks that you're trying to impress upon me.
[01:19:45] Unknown:
No. I'm saying that, yes, like, there is, like, privacy in other countries is life and death. Right? And you're talking about a situation where those people, right, need to figure out a way to transact. Right? They have to. Right? That we're we're talking about people that are in, you know, in banned countries or whatever whatever you wanna call these these other places, right, that are in 3rd world countries that have horrible dictator like leaders like, horrible dictator like, state government. And they're supposed to be more concerned with, with a server getting hacked, which, like, you you're talking about any of these other KYC services, anyone that has any sort of actual information that they wanna go for for a samurai, which sure. They they maybe they have a a target on their back.
Right? But you're telling me that that they're gonna go for that. They have no other information, but they're gonna go for the place that has doesn't have any information other than, like, the actual expos, but there's no PII that connects to them. Right? So why I say it's a fairy tale thing? Is it because people in the moment need to do what they need to do to to, like, either survive or transact the way that they need to in that moment, and they need to do a privacy. They need to do it privately. Right? That's why the initial mix in that, like, fat that first one is almost always fast, right, depending on how many people also try to mix. But if it's a smaller pool, you're probably gonna get that first mix instantly. You can do it on your mobile phone for that reason. Right? Because Bitcoin's for the streets, and these people need to operate right there so that they can continue to go forward. Now remixing is normally done by people who have dojos running 247. So there continues or their Yosin Sparrow or whatnot, and they have their computers on. They're running 247, so they're gonna continue to get remixes.
Right? So maybe one of those people are gonna be a semi light a light user. But I I say that this is a a fairy tale thing because it it's not like, it's something that in the moment, someone that isn't someone who needs a transact isn't gonna give a shit about. And I know that because I've talked to many people who don't care. I've talked to many people who don't have the means to to do the node thing right now, and they're like, I just need to transact. I wanna do it privately, and I need to make it happen. Right? So they can use it. They could use the same amount for one transaction if they wanted to. Use it, mix it, send it. And how how you're justifying that I'm making this into something that's not life or death, I'm just saying that this this theater that we're creating is, something that doesn't apply to real people in real life.
Like, it's something that they are willing to accept. Right? They know what they're doing because they're already trying to act privately. They're willing to accept it. Right? And they're doing it. And by saying, like, oh, well, like, you don't care or you think it's a, you know, a fallacy that I care about, you know, people using server. I want people to use a server, but or I want people to run their own dojo. But, honestly, like, if they know their their, threat model and they're willing to just say screw it, I'm I'm gonna accept the risk that comes with trusting SamRite Wallet. Since I'm already using their wallet anyways, I'm gonna trust their server, and I'm just gonna make this happen because I need to do this transaction.
So, yeah, I'm saying in terms of, like, real life people, it like, this theater is maybe fairy tale was wrong word. This theater. Right? It's that's why I said it's it's like white knighting or, like, white knighting running a node. Like, I mean, like, I could preach all day about running a node, but, like, it'll probably help my, you know, run a dojo sales. I don't give 2 shits about that. I care about people being able to transact. I want people to be sovereign. I don't want people to use server. I want everyone to do all the things that are necessary to be a private individual. But if you need to do it and you are willing to accept those, you know, that trade off, you're still gonna have, immediate you're going to have immediate unchanged privacy, right, from a 3rd party observer.
Is not a 3rd party observer if they're your node, right, just like with any other node. So, I, yeah, that I I figured that that was gonna happen. I didn't think it was gonna happen. You were gonna bring that point up at the last point on your closing statement, but, like, it's pretty disingenuous to think that you're gonna unmix everything when you have the the vast majority of remixers are, are dojo users, so or Sparrow users.
[01:24:26] Unknown:
Yeah. But, I mean, well, Sparrow is, like, an onset of 5. Right? It's not it's not a lot of effort if, you know, if a couple of those people are using like clients and summarize, then whoop dee doo, you got a coin joined with an an onset of 3. Like, that's I'm not exactly sleeping well at night. So you don't
[01:24:49] Unknown:
so I like, this is a whole another conversation. And, again, kinda like when I and I didn't mean to be an asshole, and I don't mean, like, when I said, yeah, you're out of your element. You're out of your element. Like, if you don't understand how Whirlpool works and how forward and backwards privacy works, the end of the debate isn't the right time to do that, but you continue that's that's why they we encourage remixing. Right? That's why we don't say mix once and leave it. Right? If you needed to and you just needed to break immediate ties and spend immediately, sure. Like, you've broken deterministic lengths.
Remixing is better. Remixing will continue to be better. And it you gain privacy whether you remix or not. If you don't understand how remix it like, how forward and backwards privacy works with Whirlpool,
[01:25:39] Unknown:
Mhmm. There are many articles on how it works. Increase the onset. I'm just saying that if you use it at the minimum, it's not particularly comforting.
[01:25:47] Unknown:
I'm aware that you can continue to engage in more Comforting to you. Free. I'm aware that you do that. Sure. Comforting to you. That's again my point. You keep framing these things and these, like, statements as if you are the end user for all these people. Like, you are not you are not necessarily the end user. Like, unless I'm not. I mean, do you but, like, are you in a, like, a a third world are you in Iran or a third world country that you have to be worried about this? Probably not. You know, it's somewhere we're at Right? But you're not in a in a country that has to worry about that. Right? So one mix might might be enough for someone in one of those countries. And if it is, then they're gonna do it, and then they're gonna move. They're gonna make their transaction
[01:26:27] Unknown:
and carry on with their life. Well, funnily enough, country that a lot of people got in trouble for donating Bitcoin specifically to a controversial political movement. I mean, I e Canada. But, I mean, I'm not trying to play I'm not trying to win some competition for me being the most oppressed or, like, win a a victim hierarchy thing. Like Yeah. My point is that I agree with you that these people are I mean, okay. I've made this point too many times. Matt, do you wanna read Shinobi's tweet at you? That was kind of interesting. I haven't Christ. Shinobi Shinobi say? He said, why is online not implemented a scheme where Postmates XPub is never revealed to their server.
You never receive money to Postmates unless you sign a transaction yourself where you can just locally case that UTXO and never need to query the server. It's a good question.
[01:27:22] Unknown:
Why you can't, I'm sorry. I just, like, can't handle fucking anything that Shenobi says because he's just off the off the rails 99.99% of the time. But Wait. So we're gonna something where they don't see the expo. If you don't have the expo, right, for post mix, how are you going to refresh someone's wallet? How are you gonna shoot them their balance? Sorry. Could you repeat? If someone so, like, even if I'm on my dojo, right, I run my own node, same thing that the semi semi server. Right? If I if we have some scheme where it doesn't give the x the post mix expo, how are you gonna refer how are you going to give them, how are you gonna show in the wallet that you have a balance?
[01:28:09] Unknown:
I think, that's not the issue. It's just why even take that, unnecessarily take that XPub in the first place? You could just literally not take it, and it wouldn't it wouldn't it doesn't affect Samura's ability to do what Samura does with a light client
[01:28:24] Unknown:
if you never take that info in the first place. And then all your arguments remain valid, and they just have less data. Which doesn't make sense. Like, again, you can't, like so you're saying use a light wallet. Right? Use the you connect to their server. They would only have your deposit, x pub, but they wouldn't have your your pre or your post. But they're still supposed to have all the same like, be able to transact the same way. How how could you transact with a constant to 0? Shinobi is saying Shinobi is saying
[01:28:54] Unknown:
you have you have the premix XPub, but the postmix XPub is not shared with Samurais servers because if you're sending to post mix, you're sending to yourself. So the server wouldn't necessarily need that at time of of receipt post mix. But I I think I think How does it how does the wallet I think when it the the issue really comes down when it comes time to spend from the post mix.
[01:29:25] Unknown:
Oh my god. I can't even this is why I don't we can't, like, even You would need to know your balance and to,
[01:29:32] Unknown:
broadcast. But I guess you would you can know your balance presumably. You can know your balance presumably because you know that for the post mix. Yeah. You just can't spend from the wallet. Look. I I think I think that's that's you know, I first of all, I appreciate Shinobi participating in the show. I wish you would join the live chat that the show has so that we could see it on screen. That'd be all. But, I I I think you both agree. I know I agree with this statement that the less information samurai knows, the better. Mhmm. And my understanding is that they're trying to know less information over time.
[01:30:15] Unknown:
Yep.
[01:30:17] Unknown:
They're just not there yet. And I I personally I know I'm not supposed to be a part of this debate, but I personally would like to see more privacy focused tools for Bitcoiners, specifically on the mobile side. I think if you're on desktop, you have decent options right now. If you're able to use your own node, you have decent options. I would like to see as many mobile options as possible, and we just have not seen that yet, unfortunately.
[01:30:47] Unknown:
Yeah. I'd argue the trade offs with mobile are too severe for them to be,
[01:30:52] Unknown:
taken seriously. That's all. I don't But this is what like, I had I had wax mechanic. I had I had waxwing and belcher on, and they said if and I think a lot of Bitcoiners agree with this. If you wanna use Bitcoin privately, you shouldn't use a mobile phone. But the the matter the matter stands that there's gonna be 1,000,000,000 of Bitcoiners that their only computer is a mobile phone. Like, we keep talking about, like, the 3rd world or something, but, like, the same goes for, like, someone stacking with a KYC service like Swan and withdrawing it to their mobile wallet. Like, there needs to be mobile privacy tools, and they should they should, you know, take the least amount of information possible.
A a company should have the least amount of information possible when they're running it.
[01:31:39] Unknown:
I I think I would just reframe it slightly to it would be great if we could have mobile privacy tools that did what we want them to do, and it doesn't really seem to be realistically doable. Like, it's not like there's any competition because it's just basically, every team has come along and said, yeah. You can't do proper coin joints on mobile. And Sunrise said, yeah. You can. You just have to make this trade off. And I'm saying that's a bad trade off. Too bad for it to be something that I would recommend anyone ever use.
[01:32:09] Unknown:
I am, like I've already beat, like, this issue and to, you know, feel like I'm beating a dead horse if I continue to respond to the like, it's, like, recommending it to people or not. Disagree. Yeah. No. I mean, like, that's fine. Because, like, like, going through waves of stuff. But, yeah, I mean, I would love to see more more wallets utilizing it. And, honestly, if there when the day comes that there's a better way to support light wallet users with less information, like, you can guarantee that if it actually works the way it's supposed to, like, it'll be here. Well, I mean, it's actually real There's not. You know, there there's not a good way. Like, we've already kinda There might be. Touch on it. I mean, you've got Trezor integrating with Savi. Right? So you can run Trezor as potentially a You're not talking about a mobile wallet.
[01:33:06] Unknown:
No. I'm saying, that, Trezor can release something that can just as a mobile wallet, then can connect to their suite or whatever. There are ways around it. The the one And their suite is their own server, so, like, I No. No. You can't no. Trezza can connect fine to your own node, and it can do over Tor as well if you want.
[01:33:24] Unknown:
Why would why would you do that? Like, why would you even, like, have someone recommend doing that? You could just use Sparrow. If you're gonna talk like, I like, I just like, that's such a shift. Honestly, like Yeah. I realized that. Not there's not a bet like, there's not a better way right now. That's bad. That doesn't involve someone running their own node, which is exactly what you you just said. They were run they would be running their own node, or you're running a mobile app that's connected to this the treasury suite, which is connected to either your node or their node. It's still connecting to a node, and it's still Well, that's going back to a full node. That's true. Let me be clear. You still need to run a node, today,
[01:34:02] Unknown:
but you're still able to run a light client on your phone.
[01:34:05] Unknown:
Yes. I'm I run a light client on my phone right now, and it's saying my wallet. Right? But it's connected to my node. So, like, that's exactly what you just explained. Yeah. Right. Like, until there's a better way to run to, like, architecturally set it up so that light wallets only get, like, whatever information until something is, like, concrete out there, like, there's no reason that I would recommend, to the semi team to do away with and abandon their users that might need the tools. Right? Like, that's you can disagree. You can disagree and say, like, whatever. Like, no. They're they're larping. I I don't care. I know for a fact that there are people that use this because they need it, and, like, they don't care. Like, they don't care about that trade off. They're willing to accept it. So to just take it away now if there when that when that, you know, ability comes up, you know, to be able to do that and not have a central server, I'm sure Samara will be very happy to, like, not have to run their you know, decrease their server costs.
You know, but the you know, these, like, fairy tale fairy tale ideas of, like, some random solution that may or may not be plausible, you know, like, until someone writes some code that makes it that makes it sound concrete to something that actually would work, I wouldn't recommend just taking away tools from people just because, someone sees as a threat model, which Samurai also sees as a threat model, which is why they explain it to them. So, yeah, I like, people can disagree. People can, you know, say, like, you know, just samurai, well, it's great. Just use it with use it with a dojo. Right? Like, go for it. Right?
Yep. Very com But, like, just just understanding, like, how you how we say things is important. Like, saying, like, if you use Sam Rylie Wallet, you're retarded or saying which, obviously, you're you're trolling, but, like, going just continue to dive down into it or saying, like, you don't trust them because they have that model, which I explained is because of, you know, the history behind it, user activated soft work. You needed someone you trusted if you were running a light client. So understanding these threat models, understanding, like, you know, why there's why they're set up the way they are. And until something better comes out, they can't just take they they should not just take away the tools from people that need to use them.
And, like, 90% of the users are gaining privacy because they they care about privacy, not because they need privacy, but taking away from the 10%, you know, that actually need it is important. And I don't think we should be just taking it away, and they can accept the risk that that they've been taking. And, you know, you might disagree with them, but they're the ones living living that life, not you. So,
[01:37:15] Unknown:
yeah, it's kinda work. Yeah. I wouldn't I wouldn't disagree with their ability to choose. What I disagree with is, the assumption that they understand the risks they're taking.
[01:37:27] Unknown:
Okay. So
[01:37:29] Unknown:
we'll change the goalpost, and we'll Well, no. I don't think it's necessarily I don't think that's necessarily a goalpost shift. I mean, I think that's something that I I cared I cared a lot about, and I was really glad that samurai implemented the warnings in the wallet when you load it up. And I I don't know of any other I don't know of any mobile wallet, which are all primarily light wallets that actually notify the user when they boot them up that, you know, if you use this without your own node, you're screwing our privacy up.
Yep. I, or that you have to trust that you have to trust the company with your privacy to be more exact. I have a question for you, mechanic, because I'm a little bit of a masochist, and, I'm curious of your opinion. So, and when I say masochist, it's because I don't know. I feel like this conversation is is gotten a little bit tedious. So Sparrow, it's you know, so Sparrow is developed by Craig Raw. He's the lead maintainer. It kinda made a you know, it came it kinda came out of nowhere and has been it's it's my favorite desktop wallet now. He made an interesting trade off decision.
It's often compared to Electrum in in in its capabilities, but he made a different so with when you boot up Electrum, you don't connect it to your own node. It just connects to a random Electrum node. And a lot of a lot of people speculate that random Electrum nodes are run by chain surveillance companies and potentially governments or whatnot that are trying to track you. So people advise, you know, use your own Electrum node instead of using one of the defaults. On Sparrow, if you don't use your own node, which he makes it very explicit in the beginning when you're setting it up. It's like, do you wanna use a public node, or do you wanna use your own node? If you don't use your own node, he gives you a drop down of 4 4 choices that are not run by him.
1 is Blockstream, 1 is MZ, one is Bitteroo, and I forget who the third one is. But he gives you an he gives you 4 choices. Luke Childs. Was the last one? Luke Childs. Oh, yeah. Luke Childs. He gives you 4 choices not run by him. Do you prefer that over just defaulting to, in this case, Arrow server? Giving you other options? He gives he gives you, like, curated Right? He's, like, you know, I'm not gonna connect you to a random Electrum node, but your Yeah. To clarify semi trusted ones that are run by members of the community. Can you clarify if what the default is with Sparo? So with Sparo, when you load it up, it, like, goes through the full trade off model. It's, like, if you use a public node, if, if you if you use your own node, like, it gives you, like, a full explanation, and then it asks you which one you wanna use.
And then if you click public node, it gives you a drop down of those 4 nodes, or you can enter a different node.
[01:40:26] Unknown:
Yeah. It it's actually really hard to criticize that. I like that model, and I think it's actually better than what Electrum does, which is the default. Like, you had, JW, who I tend to disagree with literally everything he says. But, one time he was criticizing Coldcard for having in their instructions a way to use Electrum, and he said this means it's all spooky, you know, government project because the default for Electrum is that it connects to a bunch of Electrum servers, which you just alluded to might be chain analysis servers or whatever. And, you know, that's the thing I don't like about Electrum. Like, my my favorite, if I can riff here a bit on what you said, my favorite wallet, really, no endorsement or no no financial incentive on my end is, Specter, because you just can't use it without a node. But, of course, I know that you're gonna disagree, Zelco. That that's a good thing. Like, users should have that option, but, I I like the fact that you can't. I mean, so when it comes to Sparrow, Craig was, like he's sort of hostile towards Tor.
Maybe he's not so hostile anymore, but
[01:41:29] Unknown:
none of the time outs Well, Arrow has Tor built in. The reason he's hostile is because he has a ton of support requests that, you know, it's because Tor is unreliable.
[01:41:38] Unknown:
No. He also said it was, even in ideal circumstances, it's just less good than, I think, using your own Electrum personal server. I can't remember the nuance of his argument, so put an extra the connects to that. The argument, I'm pretty sure,
[01:41:52] Unknown:
is is that if you're if you're running your node at home, you don't need to go and connect to it through Tor. You can just connect to it through the local network because why are you adding that latency and failure rate for for no no privacy gain? Right. Well, that's totally valid. I thought he had another issue with it, but I might be misremembering. One of the cool parts about Sparrow is that it has Tor built in. So you can paste, like, the Tor address of your Electrum node in, and then wherever you are in the world, you can use your own node by just pasting in that Tor string, and you don't even have to install Tor separately. Yeah.
[01:42:26] Unknown:
Yeah. I'm I'm gonna say that in response to your question, I I think it's hard to criticize Sparrow. It's a really good project. It sort burst on the scene and became everyone's favorite immediately, and there's pretty good reason for that. Maybe I'm just stuck in my ways, but I respect to Fanboy. Okay. So
[01:42:43] Unknown:
this is the where the masochist part comes in. So users using Sparrow chooses the Blockstream node, and then does a Whirlpool transaction, does a collaborative transaction, CoinJoin. Do is there a benefit there?
[01:43:03] Unknown:
Potentially. There's a trade off, in the presumably, they're not running their own node. Otherwise, they would've used it, and they can't make the same assumptions about their privacy as they could if they were using their own node.
[01:43:19] Unknown:
But isn't that that's it's a similar trade off. It's just a different entity you're trusting. Instead of trusting block instead of trusting Samura, you're trusting Blockstream in that scenario.
[01:43:28] Unknown:
Yeah. Like, this is the sort of maybe something I've hinted at or just said a few times in this, debate, which is moving trust from what that's why I keep using the VPN analogy. I think the VPN analogy is a great analogy, by the way. That's how I look at it. I appreciate it. I actually think,
[01:43:45] Unknown:
and the samurai guys have said this themselves that that any centralized coordinator model is is not, you know, you you have to trust the coordinator to a degree because they can civil attack you at minimal cost. The civil defense on a coordinator is is in a low transaction fee environment where mining transaction fees aren't high, there's there's no civil protection from the coordinator itself. Yeah, man. There's just so much that works really well. I've yeah. I appreciate that because it does hold quite tight, I think. I just think VPNs can be useful if they're explained if the trade offs are explained well. That's basically where me and you disagree at the at the least.
[01:44:27] Unknown:
No. No. I think I think it's legitimate to use samurai. I I think there are genuinely some bad design choices, but I will extend the olive branch and say that samurai does some great choices as well that pretty much no one else does. So I don't just wanna be a mindless hater with it. I I I disagree on this one sticking point, really, as well as maybe some other minor technical decisions. But, you know, I think I think that explaining those things and having people use it with full awareness has not been something like, we can say that people use it having educated themselves fully, and we can wash our hands of it and say, you know, if people people understand the trade offs when they use it, but that's, to me, just not realistic. People don't really do the research, and people just use default settings on things. That's, again, why I like Spectre because you can't use it unless you're running a node. Like, everyone running Electrum you know, running an Electrum personal server is hard. Right? It's it's a difficult thing to do. And if you're using a node like Umbrella or or Embassy, you know, you've gotta connect to elect RS or something like that over Tor, and, man, it's just it's pretty much unusable. Right? Like, to to use your note that way and, like, on paper, it all works great. But in reality, half the time, your Electrum is gonna be saying it's not connected.
[01:45:46] Unknown:
And you just you know, you need to do a transaction now or whatever. We wanna talk privacy trade offs. What's interesting, Mechanic, is, and Craig was the one who brought this up to me, of Craig of Sparrow. So the the most common way of using Specter is you run Bitcoin Core and you run Specter on the same computer, and they basically automatically connect to each other. Sparrow has a similar feature, where you can run Bitcoin Core on your computer and you can run Sparrow on the same computer. If but he pops up a warning, and the reason he pops up the warning is because your your public keys are actually stored in Bitcoin Core, and Bitcoin Core doesn't encrypt them. So if your computer is compromised, the all the address information in Sparrow is encrypted, but all the address information in Bitcoin Core isn't, and it can be compromised in that regard. And that's why he likes the Electrum server model that because you have you have the computer that is maybe more of a multiuse computer that doesn't have all that sensitive private information unencrypted on it.
And then your node doesn't actually have that information on it either because it's just getting pinged all the time by the client. I thought that was interesting. I never thought about that until you mentioned it. No. That's a great point, and he's dead on. But it is really easy to just run Bitcoin Core on your computer with Sparrow or Spectre attached to it. And you don't have to deal with any tour latency or anything like that.
[01:47:21] Unknown:
Yeah. That's that's like the Ferrari node itself. Just like to have a great computer with 2 terabytes of internal solid state drive space, run a full node, you know, transaction indexing turned on, everything going for it I mean and run on top of it or Sparrow or something else. I mean, the the one the one issue, though, is that you run into,
[01:47:42] Unknown:
just trying to rely on core is if you have any sort of depth to your to your x pub at all. Like, post mix, whirlpool people, people who've been whirlpooling for any period of time, really, their ex pub their Prismix ex pub is gonna be lengthy. So, like, trying to and I've used Spectre before. I'm I'm nowhere near as much of a fan as you are. But I think that if you're trying to use that's why that's another reason why I know Greg likes, likes Electrum server model. Particularly, I know he's a big fan of fulcrum, fulcrum, which is amazing, is because of, like, when you're mixing, those, that gets deep.
And, Kordick can probably agree. I can see he said, Whirlpool been around. He said Whirlpool been around since 2015. I don't know if Whirlpool was around since 2015. I'd have to ask the guys. Definitely wasn't. Yeah. I was gonna say I thought it was 2019. But, you know, you you get some deep, deep, you know, wallet, you know, wallet depth in there. So you if you're trying to sync it up with core, like, that's not gonna work. You need some sort of indexer to speed the process up. And yeah. So I'm I'm not a fan of that. I I like the option of having the the Electrum server. If I'm gonna use desktop or if I'm gonna use, like, a hardware wallet, which I don't use anymore, but,
[01:49:29] Unknown:
would definitely be using Sparrow simply for that that ability to, To be clear, you can use you can use an I'm, like, 99% sure you can use an Electrum server with Spectre. I'm
[01:49:41] Unknown:
I'm thinking of the the time when I when we had it implemented, there was no,
[01:49:46] Unknown:
Yeah. Maybe you used to not be able to, and then they Yeah. Yeah.
[01:49:51] Unknown:
I don't know. The KYC stuff is what who got me out of that one. But, yeah, I I think that there's a lot of, there's a lot of space and room for improvement everywhere, but, ultimately, like, you know, that's why that's why I kept saying, like, the focus of of all this is not, needs to be directed to your on chain privacy, what's giving on chain privacy and what's not. And, you know, that that's really what this whole thing kinda comes down to. That's why the more frustrated I get, I get frustrated because we're you we're we're talking about things that are theater that that have not been an issue. And, like, could they be? Yes. Should you try to avoid using a, someone else's full node? Absolutely. I give talks on that all the time.
But that doesn't that doesn't mean that someone is stupid or shouldn't be, or if they need to, they can't use something or shouldn't be allowed to use something. What if what if there. The 2 what if samurai offered 2 services? 1 for people destroying like lights and one for You you must follow Shinobi a lot because, those are that's always his argument. Dojo won the pool, versus a light white light client pool, and there there's no there's no need to do to do that anyways. Right? Because they're blinded to those other people. Right? Just so they can't coordinator's blinded.
So they're blinded to the dojo and sparrow people. And then you take those out. Like, yeah, they're potentially, they seem to do stuff. But, like like, why why would you cut out liquidity? You would pay the run cut out the You would pay the running a notice if it doesn't work. There would be no point. There'd be no point to mix at that point. Like, it it's I I I I failed to see why people should have separate liquidity pools. I've never seen a good argument for it.
[01:52:01] Unknown:
Like, the good I make the argument. It's that people, if there if you agree I know you agree because you said it multiple times. It's better to do this stuff with samurai running a node than not running a node. The the thing that makes it better to run a node and worse to not run a node, can cross contaminate. I I don't think that's, an invalid assumption, in which case you could separate the two things, and then people using Sparrow and Ronin Dojo don't, compromise with any of the things that you're somewhat hand waving away. And the other service remains that you think is essential, that needs to exist, and which I can actually agree with. So why not do that?
[01:52:42] Unknown:
Why not? What? Because they're all the same. So they're all the same to the coordinator. Right? Like, why why would you cut why would you cut any amount of liquidity even if it's, you know, a third of it? Right? Why would you cut liquidity from people, who are trying to gain the privacy to hide with the crowd, right, that still get backwards privacy and, they get, backwards anonymity and forward anonymity, from participating in a larger pool. Right? Why would you cut that and punish people, right, who need to use the tool? Because that's really what it comes up to.
[01:53:19] Unknown:
But Just to tell you how true. The people the people who are using the light client the people that are using it without their own node would have would have lower anonymity sets in that situation. Significantly lower.
[01:53:32] Unknown:
Yeah. Yeah. Absolutely. That's a problem, of course. But, your your it doesn't seem consistent because, you're saying there's no need to do it because there's no difference in the privacy assumptions. So there's no point doing it, and it just lowers liquidity. Obviously, I get the bad part of doing it. It lowers liquidity for both sides, but, like, we can't simultaneously say that it's better to use a node than not use a node and that they're exactly the same for their privacy assumptions. Those they they those 2 I never said that they're the same. Like, I
[01:54:03] Unknown:
saying from a transact like, from looking at the blockchain, you're not gonna see it. Right? So that and that's that's what this is about. Like, that is what it it all comes down to is being able to observe transactions and make deterministic links and attach, by looking at the blockchain, attach, identities to, to UTXOs. Right? That that's what that's why people use privacy tool. That's why people coin join. Right? So I I don't see the benefit of removing, of removing that. Right? And maybe maybe 1 in a mix. So light light wallet user. But just
[01:54:53] Unknown:
Just to be clear here just to be clear here, if you're trusting the numbers from Samurais, which is big trust, obviously, there's no way for us to individually verify them. They say something like 70%, like, the overwhelming majority of people are using a node other than theirs, whether that's their own node, a friend's node, you know, one of those Electrum nodes we mentioned from Sparrow, they're using a node that's not the samurai server. So the so the people using samurai and light mode is maybe maybe 30% of the anonymity set. So to be clear here, in this situation, the the people that would be hurt the most from this liquidity split would be, you know, the less than 30% that are using, that are that are using samurai server that are not using a different node other than samurai server. It would it would be the live client users who would suffer significantly in that situation.
[01:55:57] Unknown:
Yeah. I agree. But on the other hand, the other people would benefit from not potentially contaminating what they're doing. And, I mean, you have this, potentially
[01:56:08] Unknown:
Yeah. Potentially in the event of, like, the catastrophic event that you're referring to.
[01:56:14] Unknown:
Well, I'm glad you agree that it's at least potentially
[01:56:18] Unknown:
possible. But then that would require those people to go through every single, like to like, they would have to dedicate their resources to trying to reveal and go through every single mix in the past 4 years and figure out ND and and and try to unmix all that stuff. Right? Like, sure. If that happens, it's it's bad. Right? I don't think anyone would would argue that if their server is compromised,
[01:56:45] Unknown:
it's would be fine. So to bring it back again, I think you both agree that the least amount of the liquidity pool that is using Samurais server, the better.
[01:56:58] Unknown:
Yep. I mean, they yeah. That already yes. That already happens. And and then when you're talking about remixes, like, you can almost guarantee that everyone that's remixing. So one only 1 of 2, potentially most that it could be is 2, and any given mix could be a light wallet. And everyone else is gonna be remixing. Remixing are gonna be coming from people that have something running 247, which means that they're 99% of the time going to be a Dojo user. Right? So yeah. And then you remix again. If you're one of those people that are concerned about, about, like, this, like, oh, a light I've mixed with a light wallet person. Like, one, they're not second class citizens, but I digress.
The the main thing is that you just remix, and then, and then what's got now your your chances of being with another person that was a light wallet user has now dropped even more. Right? Somewhat 1 third. And the mission maybe I was 1 or 2, continues to to get a smaller number the more that you remix. Right? Like, remixing it Matt. Avoid those things.
[01:58:05] Unknown:
Yeah. I would just jump in, on one mate, Matt, about, the statistic there about 70% being our node and 30% being,
[01:58:15] Unknown:
and the trust According to Samura. Yeah. Yeah. Yeah. I mean,
[01:58:19] Unknown:
unfortunately, the the incentive for them there is not to represent, well or to be optimistic there. I think we all agree that it looks better for samurai if Yeah. I think the number is mostly meaningless,
[01:58:31] Unknown:
because you have to rely on so much trust there. But but, yeah, gone. Yeah.
[01:58:37] Unknown:
Well, not to be upset, but if that number was way worse, like, only 20% of people are running their own node and 80% of people aren't, using Sparrow or using running Dojo with samurai, I'd be like, this is this is just doing more harm than Yeah. I genuinely would think. No. I mean, I agree with that statement.
[01:58:57] Unknown:
I would say that but logic logic wise, it it first of all, it go I think it goes to reason that the people that are the majority of liquidity liquidity are by people that are using their own new nodes because they're enthusiasts, and they're they care about it, and they're remixing 247. So it makes sense to me logically that the majority of liquidity would trend towards people that are using their own nodes. And then second thing is, ideally, we see more and more wallets implement Whirlpool so that their, you know, their light client users are using whether they're using hand selected Electrum servers like Sparrow or they're using a company's node or a friend's node or something like that, it further disperses it out over time.
[01:59:47] Unknown:
I yeah. That's that's correct.
[01:59:50] Unknown:
I think the goal the goal is to have the least amount of liquid like, as low as pot the amount of information Samurais servers hold should be as the least amount of information possible, if any at all. And the amount of amount of users that are trusting them when they're in these liquidity pools should you want it to be as low as possible.
[02:00:11] Unknown:
I agree. And I would what I would like to see is, a greater amount of awareness
[02:00:15] Unknown:
of the fact that there is a trade off in doing that and not that it's something that can be laughed at and dismissed and, oh, you're a green wallet fanboy and all that stuff. Like, I don't want I don't wanna It says that in the when you load on the wallet. It does say that. It says it in the wallet, which is something that we've said multiple times. That's why I'm starting to hand wave it is because I've said it multiple times. And you've already told me you've not used the wallet, so it makes it very frustrating.
[02:00:39] Unknown:
And it that's why I just start hand waving it because Well, I have I have used we've had it. A long time. I used Semerony when it first I used Semerony a lot in 2018.
[02:00:48] Unknown:
I mean, that's great that they have new they they have updated their stuff. Have changed since then. Is it they they haven't started a Fresh Wallet since then. Right? But, like, people understand that that's in there. And if you've been in since 2018, you've understood, like, what that they've preached and what that they've what they advocate for, right, which is running your own node. Right? People understand the trade offs. People who are using it that are active in the community understand the trade offs.
[02:01:13] Unknown:
Right? Then why then why do I majority of them. Time I have like, either the XPOP leaking is a concern or it isn't. And if I bring it up Leaking. What people It's not leaking. Leaking is is a is not the right term because it it's by default. Like, that
[02:01:29] Unknown:
it's designed that way just like any other wallet. Saying leaking is not correct. That would be making it seem like you're sending that's going to a different source, and it's not. It's like it's using the wallet the way any other wallet would, which is backed by a server, which, again, the reason that their server is that way, the reason that their wallet is designed that way is because of the user user activated soft fork and people having different nodes and running different stuff. They don't want people running BCash. So instead of that, right, they said, hey. If you don't have your own node, you can run ours. This is what we're gonna run, and we're gonna stay on the the Bitcoin core blockchain. This is what we're gonna do. Right? So, like, so that's it. It's like a a you hand wave that. So, like, just keep in mind, like, stuff is designed that way. And once that they've designed it in that in that manner, trying to completely undo, this this architecture that they've built the wallet on, which has been around since 2,000 I wanna say 15, is when the wallet came out. So you're trying to trying to hand wave out why why would you design something like that? Well, it was it wasn't 2022.
You know what I mean? Maybe they would do something different if they started from scratch right now, but they have users. They have people that rely on it, and there's a reasons that they do what they do. Right? There's a reason that it was set up like that, and it was because of, the user activated soft fork and people not knowing what to do. The question that was asked, I think Matt posted it on, on, Twitter about, you know, like, hey. Make sure you understand the the node rules and consensus because you can opt in and out. Right? So wallet rules apply to node rules too. If people trust me and you more than they do, being able to go in and verify, I mean, like, maybe if there's a user activated software again, what if we me, like, running dojo has goes one way, and then start 9 goes another. And but users don't know. They're just like, oh, I'm just gonna run it because, you know, I'm using their stuff. You know?
Like, it it's the same thing, and they that's exactly why they said we're gonna use this model because we didn't wanna u they did not want to use, that, oh, just a connect to a random node, the SPV type style. We're gonna connect to a random node where you didn't know what you were gonna get. It's a very important detail to, like, try to leave out during a very important time of Bitcoin. Right? Like, that was a a very controversial time to be going around and to be a wallet developer during that time, and it's hand waving to now to try to retroactively look at them and, like, oh, well, they should have just done this because I think it's better. That's great that you think that, but you haven't done it. You weren't there. And, like, we're no developers. We're doing a a totally separate separate thing, and that's why, you know, competition will always be there. But, like, we have different visions. I could I could break down all of your stuff as well, but you guys have a choices. You guys have a reasons for why you developed the way you did. I'm trying to explain to you why, why their server is set up that way.
And, again, I guarantee you, if, you know, if the world was perfect, they would have no one running on their server. They could just shut it down. But that's not the reality, and that's not where they're at. That's not how they started. They try to support as many people as they can to use Bitcoin and to use Bitcoin privately with, yes, with a caveat that you have to have some sort of trust. It is a a trusted model if you're using a light wallet like it is for any other light wallet. It's trusted.
[02:04:43] Unknown:
But I agree with you. We'll get privacy. No. But I agree with everything you're saying here, and this is not what I'm bringing to the table in this debate. The the the prevailing, the zeitgeist in the space and the narrative around what's going on with privacy and Bitcoin, There is none of this, apologetic, it's a trade off, it's a compromise, it's not our renewal, it provides a good thing, maybe. That's never what happens in these debates. These debates always turn into you're a spook. You're a government actor because you're telling people that they shouldn't be, I don't wanna say, leaking their xPubs because you don't like that term. But if you're exposing your xPub to a third party and you're engaging in CoinJoints, you might not be getting what you think you're getting. Whenever I try and bring that point up, I get piled on by about 2,000 paying ins telling me that I'm a spook. And I'm like, but this is literally true, and it's what you're saying right now. You're tacitly acknowledging that this is not an ideal solution. There's a compromise that comes with it, and you can't ever highlight it because people jump down your throat, and it's not wrong.
[02:05:48] Unknown:
So for 1, I don't have anybody calling anybody a spook. I think all of that whole fucking thing is very there's a particular Twitter person that I'm not gonna say his name, but I hate when people try to just randomly say that, because it's generally people trying to say that it's a spook or people that use it are spooks. So, I'm not if people are saying that, that's I'm not okay with that. But, yeah, the when that debate comes up, that argument comes up that it's it's typically because someone framed it saying, oh, you have to have Dojo only pulls. Right? Like, your argument the reason I jumped in, one, you said it was retarded to use the wallet, and then you continue to double down by saying, like, using it. You don't actually get any privacy. And that's like, you don't add the caveat, and so your nuances aren't there. Right? Like, you're you're not you're not framing your your position in a way that is, you know, like this. Like, the way I frame it, right, is saying, hey. You can get on chain privacy using semi wall. They have great tools. You need to understand that if you don't run a node, look at that when you open up your wallet and you start a new wallet right now. It'll tell you, hey. You are taking a risk by, connecting to our server. We have to use your XPUB in order to provide you addresses. You're not gonna be trusting any other, nodes but ours, etcetera, etcetera, whatever this specifically says.
But you need to, like, understand that, one, it's it's said. It's advocated to run a node. Right? And if it like, the like, they developed all these things, right, Dojo included, in order to push people towards running their own note, to being more private, to not having to rely on them. Like, that those are all things that they are doing. Right? And that like, that's that's what I'm trying to say is that, like, you're continuously trying to double down, and then you get piled on. And you wonder why people pile on you is because it doesn't make sense. It doesn't make sense because people look at it from a real person perspective, which is right now, if I didn't have a node and I wanted to coin join and then transact, could anyone look at the blockchain and say which one's mine? The answer is no.
So Alright. So that's Yeah. And and your argument is saying, like, yes. You get privacy No. But no. I'm not asking that. That's a Like withdrawal. If they got compromised. And so you're like, okay. So but if, like, instead of saying but if, like, you just stick with the, hey. You know, it's a great service if you have to use you know, if you don't if you can't run a node, like, and you have to use it, it's still better than using other light wallet other light wallets, which it is. So, like, if you're gonna trust a node, at least have one that has some privacy to third party, actors, Like, we I mean, that makes sense to me.
Right? Like, looking at looking at the blockchain, if you can't look at it and just easily be able to tell, then you should be using that one. If you're gonna if you have to use a light wallet. Right? Like, that's something that you want to ignore. You just have to use a light wallet. Understand the trade offs. Understand that, hey. Someone has those goggles that you can see someone if they're invisible or whatever it is that you want to say. There are trade offs, and we we lay them out. We've laid them out many times. There's a claim all the time.
[02:09:21] Unknown:
I gosh. I just installed samurai again and went through all the menus. I I didn't I selected not using a dojo, and it never gave me a warning. Do you mind telling me initial pop up. It says,
[02:09:31] Unknown:
like, the the bird leaving the cage and every and all the other I'll pull it up. Jesus.
[02:09:37] Unknown:
Yeah. Just I'm not saying you don't have it. I'm just I just wanted to see it. Okay?
[02:09:45] Unknown:
But yeah. I mean, I'm gonna try to pull this up while we talk. But, yeah, the my my point remains that users users who are using LightWallet are using it because they have to, and they still want to transact privately on the chain, and they're going to take that risk. That's fine. And I'm sorry if the warning isn't specific enough for you, which is basically what it this has come down to, is that it's not nuanced enough for you in particular.
[02:10:15] Unknown:
Oh, right. I've just found it. You have to, like, swipe right a few times to Oh, you mean, like, continue to make the wallet? No. Like, on the first page before you press get started. I I still don't see it. I still don't see whether I don't know. The first page says break free of third party custody. Remain in complete control of your wallet at all times. Then you press get started, and it offers you to choose a backup directory. Would you like to enable Tor? I turn it on. Would you like to connect to your own Dojo server? Status not configured. So I'm gonna leave that and just press create new wallet. Then it asked me to make a passphrase. And I say, I understand that Stammurai cannot provide assistance in the case of a lost or, you know, my money. It asked me for a PIN now, so I'm putting in my PIN.
Then, it gets me to download my BIP 39 mnemonic. Now it shows me the mnemonic, and then it tells me my passphrase again. And then it says, claim your payment bot and that you're up and running somewhere. I don't see actually a warning anywhere. Like, I I deeply wanna be wrong about this, so please correct me.
[02:11:36] Unknown:
Yeah. Sure. Give me a second.
[02:11:44] Unknown:
While you're doing that, like, as an aside that shouldn't offend anyone, I wish to Christ that, XPUB was not called an XPUB. Right? This the last thing you want to be public, apart from your private keys, is your XPUB. Like, this is such critical data to keep private, and it's called extended public key, which is just the worst name for it possible.
[02:12:08] Unknown:
No. Yeah. I definitely agree on that.
[02:12:10] Unknown:
I mean yeah. But it's that that's like a cryptography.
[02:12:16] Unknown:
Yeah. For sure. It's an embedded term. Like, we're not about to change what we might call it. Well,
[02:12:22] Unknown:
yeah. Like, we change hardware while it's assigning. No. I call seed words secret backup words. What do you call what do we call next button?
[02:12:34] Unknown:
Like, I I call it, like, a a blueprint almost, but that doesn't really It doesn't help that much. No. It's not I don't know of a better term. Minero does a decent job with the view key,
[02:12:45] Unknown:
but I don't know if that helps. View key better than Next Pub. I mean, Next Pub's pretty bad.
[02:12:53] Unknown:
Yeah. It implies it should be public, which it just shouldn't. Like, I can't think of a good reason ever. Like, unless there was, like, talk of bull Bitcoin implementing, you know, you would upload an extended public key to the platform, and then your DCA would go to a new address every single time. And you can just use BitPay E5 or something like that to generate a unique XPUB for, for each service you use. Right? So bull Bitcoin half my xpub, so what? It's a list of addresses that they are gonna know anyway, and I'm never gonna use one of those addresses for anything that isn't bull Bitcoin. So that that to me feels pretty watertight.
[02:13:33] Unknown:
Okay. Yeah. So on their website, they have, let's see. Okay. Good. Great. So it says, similar wallets, unrivaled in transaction privacy, but the default configuration is still subject to network level privacy loss. So Singer and Dojo allows you to simply bypass our default servers and circumvent these concerns. Simple. A default center of our wallet will connect to our centrally controlled dojo host in Iceland. We do not store logs of IP addresses, but you have to take our word for it. By hosting your own dojo wallet server, you can bypass our servers and completely, service completely when using SamRite Wallet or Sentinel.
[02:14:14] Unknown:
It's where is this? On their website.
[02:14:17] Unknown:
And, if it's not the I remember I know I've seen it in the wallet, and I don't have the means to start up a new wallet this second. But if it's, you know, if it's not in there, I know that it's something that's been brought up. So, Ultimately, I do know that that what's it called? The whole Where is it in website? Sorry. I'll post it in the chat.
[02:14:50] Unknown:
Thanks.
[02:14:53] Unknown:
Ultimately, this isn't something that's never been brought up, communicated, or easy to you know, if you go on whether it's their Telegram, you go on Twitter, you search any of that stuff, you're going you're gonna find tons and tons of responses, tons and tons of, like, openness about it. If you look back to when they first hosted Dojo or first released Whirlpool, Like, I even remember when Whirlpool was first, released. Dojo hadn't been released yet, if I recall, and everyone was saying don't. So, like, a bunch of people were saying, like, don't do it until you get, until you get Dojo running and and do it with Dojo. And saying, well, I will never know. Like, yeah. And and the best practice was to start a fresh wallet. So if you start on Sami Wallet and then you oh, Sami Wallet server and you got Dojo running, you know, don't just, like, recover your wallet. Right? You want to come back and, start a fresh wallet and move your funds over.
It's the the practice has been part of the samurai culture. Like, running a dojo has been part of the samurai culture for as long as dojo's been around.
[02:16:03] Unknown:
Yeah. I'd agree with So But it doesn't mix these warnings up. Like, you have to you want to dojo to click through to the dojo part of the website to then be told the benefits of not using Sunrise service. Like, the warning's in the wrong place. Sure. At the very I look again.
[02:16:20] Unknown:
Zelco, would you agree that that it should be it should be very clear to the user on startup, the risks of of not using their own node.
[02:16:32] Unknown:
I mean so my my only issue isn't with having, like, a warning or whatever. Right? Like, I think that's fine. But as you've already said, Sunrise is the only one that even has any sort of, like, description of what's going on. They're the only ones that have done anything that that, like, talks about what to do with your stuff. Like, these prompts that are are there, even the ones that you're saying, or stuff that's not in any of the other walls. It's our so, like, I get frustrated because, like, yes, I I would love everything to be perfect. But, like, then when you start to talk about, like, appealing to all these different things. Because right now, it's like, oh, well, you know, like, like, the saying having the warning is, like, okay. Cool. You passed the check mark. Then what then what happens? Oh, well, that's I can't believe that's all they have is a thing. They shouldn't even allow people to use the use Ceramic Wallet with their server. It's it's always a goalpost. I'm not saying you're saying it. Just I just think these tools have clear, like, warnings of trade offs at start ups so that I don't have to have a separate 2 hour and 15 minute conversation on a podcast about them. Instead, they could just be at start up.
[02:17:38] Unknown:
I mean, this should be you should make the same argument for everyone. I agree. I 100% agree. I think Sparrow does a fucking fantastic job with it.
[02:17:47] Unknown:
Yep. Yep. You can't doing that. Like, you want you wanna have gone to every reasonable length possible to to educate people and then make their own choices and be sovereign, and then if they don't, that's not your problem anymore. But as far as I can tell, and I'll be honest here, this is not, you know, this is not me trying to, extend an olive branch or to be needlessly, accusing. I I think there is a concerted effort in the space to mock people that bring this concern to it and, detract and deflect and accuse, you know, make ad hominem arguments and things like that. And then to learn that there's a warning right there in the wallet when you install it, It's on the website. I'm like, okay. Great. And it just turns out there isn't really. Like, there should be an The reason that the reason that,
[02:18:35] Unknown:
like, I I've already said this. The reason that people attack that that stupid that argument, right, like, this this whole thing is because of, like it's like a again, it's a simple white knighting of, like, everything. It's like, oh, man. Well, like, it's not good enough. It's never good enough. This is never good enough. And it's continuously doing that instead of being like, oh, wow. Like, SemaRock actually does make all the best tools. SemaRock Wild does have the have the best coin joint. SemaRock does have the best post mix tools. Samurai does have, they're the only ones until Sparrow came along. The only one with Panem's. Right? They're the only ones that are actually doing something to try to further, Bitcoin's privacy. But people wanna sit here and just be like, oh, well, I can't believe they would do that without x warning or b warning or whatever it is. Like, I'm all for it. Like, I want I want warnings. I want that stuff. But when it comes down to it, we're like Me too. When it comes down to it, like, people are just like it's it's never gonna be good enough. So what happens is there, yeah, there are a lot of loyal people who are hardcore samurai people, and they're they stand up for their wallet because they see it all the time. Just get constantly dunked on or walked over or people attacking their stuff for no reason, right, or for a reason of, like, what the developers chose to do with their wallet.
Like, well, guess what? Users are still using it. Like, just No. I think despite all this. Because users do know. People who are Ronin users, people who are Dojo users know this trade off. Right? And that's why that they're Dojo users, they're doing that for the right reason. Right? But if we're talking about the the reality, the reality is that, like, all this stuff is already known. It's known. And, like, as a new user, could it be a a perfect onboard? Sure. I'll put in a feature request, but, like, ultimately, it's the people don't we we start to to push back because we hear so much nonsense and people sitting here saying, like, cheering on Wasabi and saying that, like, oh, it's so great and whatever. But yet they work with coin join, chain analysis, and they were they blacklist people. In what world is not everyone saying, like, okay. Like, we need to reevaluate.
Let's at least, like I I see the trade off. I'll run run I'll run Dojo, run and whatever, and I'll use I'll use Samurai and Woolfolk because I know that they're not working with, chain analysis. But, yeah, people are still sitting out and telling me that Wasabi is better because because that's ultimately what this is is that you've already said it. You're impartial towards mobile wallets. You don't like mobile wallets. And so, yeah, there's easy you could pick at anything in a mobile wallet versus a a desktop wallet. Right? But, like, the reality is that people need mobile wallets so they can transact in the streets. They can transact wherever they need to. So Yeah. This is my overall, like, assessment of your position on it. I think it's naive because we know that wasabi Wallet works with chain analysis, and you're saying we know that samurai don't. And I'm saying, how do you know that? What indicate okay. So tell me this. We have one that specifically told us. Right? What indications do you have that points to,
[02:21:38] Unknown:
Samuel Wallet working with, chain analysis? The point is I don't believe that they are, but we don't know. We we know wasabi is, and we don't know about samurai.
[02:21:49] Unknown:
I don't wanna make a I don't wanna make a argument ad absurd ad absurdum or whatever. But, like, we don't run, you know, dotexe files and closed source binary that Satoshi run writes for us and releases on a website because we trust him and then go, what indication do we have that Satoshi is compromised? Like, obviously, we don't we want to minimize trust. Like, that we should be on the same team with that, and I don't get why we're not.
[02:22:15] Unknown:
That that we're not on the same page with what? Like, you said that Samara was trust.
[02:22:21] Unknown:
You know, like, you're saying what do I have that they've broken our trust, and I'm saying I don't want to trust them. That's all. Yeah. But you but you're talking about, like, the wallet. Like, you're talking about the wallet, and that's really what it comes down to.
[02:22:33] Unknown:
Right? Like, one is the coordinator. The other is not a coordinator. Right? Like, like, they're both or sorry. Let me rephrase that. Wasabi and Samir are both front coordinators. Right? So it's important if you know that one is working with chain analysis. And if you don't know if the other is or is not, having some sort of indication is probably important. And I I would I would argue that if you're going to Do you look at the same one that's not say that somebody
[02:22:59] Unknown:
is the one that's been forthright about the fact that they're compromised and the samurai isn't, which actually makes Western Army more ethical. I'm not saying that's my position, but it's not clear cut. It's not black and white.
[02:23:09] Unknown:
The fact that What's not black and white?
[02:23:12] Unknown:
The fact that one openly works with chain analysis and one either doesn't work with chain analysis
[02:23:18] Unknown:
or lies about the fact that they do Well you go with Oh, let me tell you how it'd be very very easy to debunk, like, them working for the chain analysis. Right? In order for chain analysis to be effective with SamRwalt, right, you would need what? You need some sort of information, or they would need to be able they would want what more x pubs. Right? That's what they would want because I could just give that over. So if you don't see that Yeah. If if you're not seeing more users being pushed towards, samurai server, right, or if you're not seeing, you know, whatever it like, you're not seeing it. Right? You're not seeing the trend towards more expoaks being captured.
I don't see how you could sit there. Like, more development is happening towards, towards the node side of it than there is versus Wasabi, which is openly blacklisting. Their coordinator is openly blacklisting. You have one that is blind using Tor changing addresses and never have to see the other side of it. They worked with another wallet to implement. The other wallet worked with them, but Sparrow implements it so that there is, a whole liquidity pool that cannot be done by that. If Standard Wallet wanted to farm out these XPubs, when they say that we don't want them so that we have a higher, a higher rate of light wallet users so we could give that information to Chainalysis, wouldn't that make more sense?
They would want they would want less help. They would want more people to be mixing with LightWallet. Correct?
[02:24:51] Unknown:
Sorry. Can you rephrase?
[02:24:54] Unknown:
If my zone now. If SamRite Wallet was working with Chainalysis, they would want to limit the amount of people that no. They wouldn't want Sparrow to implement it. Right? Because they they would have no xpubs, and they would want more light wallet users because they have their xpubs. So if
[02:25:14] Unknown:
they worked, they they would have Spare Wallet use a separate pool, but they didn't. Yeah. You're acting like there's only ever one incentive in a situation, and that's just not the case. There would be a whole bunch of incentives. I mean One of them yeah. Look. There's incentive for samurai to not wanna betray their users, and there's incentives for them to want to betray their users. Like, they all exist.
[02:25:35] Unknown:
Okay. Yeah. I mean, I don't I, like, I I don't know how to, how to argue against, like like, actual incentives because, like, I've I just laid out the incentives, and you said, like, it doesn't matter. So,
[02:25:56] Unknown:
the whole incentive. This is why this is why the VPN analogy works. It's just part of the trust model. You're not there's no way to to to prove that the server is compromised or acting malicious, and users should be aware of that and that trust model if they're gonna use it. I mean, I I recommend molvad.net for VPN usage, and one of the reasons is because they're very clear that they say they don't take logs, but there's no way for you to verify it. Right. But I I just wanna be clear here because I said this earlier, and I was incorrect. Both me and Zelko said it. I spun up a new samurai wallet. It does not warn you, of the risks of using their server. I I mean, I personally would like to see a clear warning there.
It does give you the option to immediately connect to Dojo, like, first thing, but it doesn't say, like, what that benefit would be. It's like a simple text, you know, use this so you don't have to trust us.
[02:27:01] Unknown:
Yeah. That would that would make this whole thing a a very,
[02:27:05] Unknown:
happy Then it wouldn't matter. Outcome. Right? Like, everything else would be fine? I just want trade offs to be clear. It's my Yeah. I mean, like, sure. We'll we'll,
[02:27:13] Unknown:
the Like, if if we're putting people need to keep coming along and, like, creating issues and complaining about stuff that you're rolling your eyes at because it's been done to death, but it results in a warning that makes users more educated and aware of the trade offs, then I'm glad I did it. I mean, like,
[02:27:31] Unknown:
I just see it. I'm, like, looking at it from the point of, like, you know, we commute like, samurai community has been doing this for so long, and it's just like it's funny that it's like, oh, well, in order to get my stamp of approval, it needs this thing. And it's it's okay. Like, that's sure. Like, that's fine. And, you know, like, you might waste some of the the you know, like, maybe that's something I'd put in. But, you know, like, it doesn't like, you may seem like, oh, this like, everything else is fine. And so your your stance on everything else like, your initial point, your initial statement wasn't about a warning. Your initial statement was about, you know, if you use these tools without, you know, without Dojo, it's useless or it's a larp, and that was what I was upset about. That's what I think is absurd.
So, like, you you haven't been able to debunk anything other than saying, like, well, yeah, it works until their their, server's compromised. Okay. Well, until someone gets arrested, you can let me know. But, yeah. Yeah. Chips Ahoy because they're very clear about it on the website and in general.
[02:28:49] Unknown:
I just oh, yeah. That's why I was wrong. I mean, because they are so clear about it on the website. Yeah. We talked about it all. Yeah. I just personally would like to see more wallets in general do that, and I know I know in an open source situation, anyone can fork it and add that warning label. They don't wanna add it, and I I respect that. But I personally would just like to see warning labels on I would trade offs explained to people on start ups so they don't need separate education.
[02:29:18] Unknown:
Yeah. I think, I think there could be start up warnings on on, like, obviously, all wallets, but, like, it'd be good for the big heavy hitter ones to have stuff like that. Yeah. Like, boot up ledger live. When you boot up ledger live, it should tell you
[02:29:32] Unknown:
you're using Ledger's servers. Which is great. What's Barrow give us a list of warnings? I mean, like, we Our intent Yeah. To educate you. You've got no dog in the fight. Right? They want you to use what's best, and they don't suffer if you don't. Yeah. That's the point. They're missing revenue. Like, there's no incentive there, at least anything like to the extent. If someone sees a big red letter warning that says, warning. If you do this without Dojo, your privacy is you can no longer make any of the expectations to the same extent that you could if you were running Dojo. And they go, well, I'm not running That's not I can't. I'm not gonna use it. Like, it's
[02:30:05] Unknown:
you like, that's see, like, that's that's the line that that we're talking. I wanna know. We keep saying, like, you you you not could have privacy if you if you use our server. No one's gonna put that because it's not that is not the situation. That's not that's not the case. Like, it's don't use our, you know, don't use our server so that you can maintain optimal privacy or whatever it is. Like, you know, that's that is a very different statement than you saying that you won't have privacy if you use, if you opt to not run Dojo. Right? So, like, you you have to, like, understand the difference of what, like, what you're trying to to articulate because they're 2 different things.
[02:30:46] Unknown:
You have on your privacy. You've not proven I can't VPN on. If you're turning around and saying, like, your ISP has no financial incentive to keep your stuff private, A VPN provider does. If they get caught leaking data, then they lose business. Right? But are you gonna tell me that there isn't a honeypot VPN out there? Like, of course, there are. So it stands to reason that so I'm trying to sorry for the what aboutism, but there's going to be a privacy wallet in Bitcoin at some point that is a honeypot. And so we wanna look out for the signs of that, and we wanna minimize the mechanisms by which we can hurt ourselves by using it. Like, if wasabi team is all FBI agents, I don't care because they don't get any data that actually hurts me. They just do something I find politically disagreeable, but it doesn't change what their actual software does. No. Their software just works. So at all.
[02:31:35] Unknown:
But that's a different case. No. I I I see what you're saying. Like, that's fine. Right? But, like, it doesn't it doesn't change the fact that, like, your users that need it now, like, we're, like we can talk about the future. You can talk about improvement, all that stuff. Sure. But telling users right now, don't use it or it's harmful to use it is wrong. That's not correct. You've not yet proven. I want I'm not gonna end the debate with you trying to say that there's harm in users for using Whirlpool, on a light wallet when they if that's what they need to do. Right? Like, if they need a light wallet, they could they can use it. They can break deterministic links, spend, move on. And that's harmful if assumptions are wrong.
What?
[02:32:27] Unknown:
If their assumptions about what using the light wallet provides for them privacy wise are wrong, then that is harmful.
[02:32:34] Unknown:
How so? They're getting on chain privacy, and they've already been explained all this stuff. So explain to me how because this this is this is, like, the point that I'm I'm getting at. Because you gotta look at like like, you're talking about in this idea that they're working, and it's fine. I get it. Like, we need to have, you know, adversarial thinking, and that's fine. If they are they they can treat them. They can take care of themselves and figure out, hey. Do I is my adversary a samurai, or is my adversary, you know, chain analysis or third party? Because, like, that's it's typically the state, and it's typically gonna be law enforcement if they're really concerned about whatever it is. So if they're concerned about it and they can't run a node or they are choosing not to run a node for whatever reason, they can still have on chain privacy.
[02:33:25] Unknown:
On chain is is what we're looking at. Right? Yeah. But that's the point. They can point, though. But Is You've acknowledged over and over again in this discussion that it's better to use Dojo than you use.
[02:33:39] Unknown:
It's better to use Sami Wallet than it is to transact with a straight whatever wallet, right, that uses normal Bitcoin transactions. It's better to use a light wallet to mix, break the term and stick links on the chain, and take a small risk.
[02:33:59] Unknown:
Right? With only It's better to do that until you can run a new totally better. Do whatever. That's right. It's better than doing
[02:34:06] Unknown:
nothing. It's better than
[02:34:09] Unknown:
not doing the transaction. Love it as doing the full going full hog.
[02:34:16] Unknown:
I can't I didn't hear what you said. What did you say?
[02:34:19] Unknown:
It's not better to use the like client if your assumptions about the like client are that it affords you the same benefit of using Dojo.
[02:34:26] Unknown:
But when, like, when has that ever been said? And that's just because that's just your implication of the warning?
[02:34:35] Unknown:
No. Yes. The warning should make it clear that they are different. Yes. But you you are putting out that the the warning
[02:34:42] Unknown:
has to be something along the lines of, you know, your your data is compromised or your point your privacy is compromised, and it's not compromised. Once there is there is a chance of whatever, you know, there is a chance that could happen, but, like, you're trying to make this assumption that it is right now that you're that moving forward, you have no, that you have no privacy. It's like, well, if I need privacy from my employer, like Matt said, yeah. You have do you have to private transactional privacy from your employer? You have the privacy. It depends on who your privacy who you're trying your privacy from. So, like, that's that's a delineation I'm trying to make with you that you you're still unwilling to accept,
[02:35:32] Unknown:
and that's fine. You can you can have I'm not saying there's no I'm not saying there are circumstances where using just the light client You are. Doesn't create a threat model to having not used it at all. Okay? I'm not I also won't concede, though, that that is strictly better than just operating publicly on base chain. I'm trying to say that we definitely have obviously over and over agreed on the fact that using Ronin Dojo with the samurai wallet instead of using it as a light client is better. The fact that it is better and that you agree with that means we can make a statement that tells people
[02:36:16] Unknown:
I mean, I I I feel like no. That's that's fine. No. No. You're fine. What I'm gathering the statement. Is it Yeah. Best case, use Dojo, use Turn Dojo better. Like, take the assumption. Right? Take the risk. And then, like, the worst case scenario, use, like, Wasabi or something. Right? I'm just kidding. That was a joke. I'm just kidding. Realistic. Yeah. No. I'm just like I think I think we've talked in circles that so much that it's kind of, like, pointless to this point just because, it's very, like, nuanced of what we're talking about. And, like, the the debate like, I I was heated when I when I started this whole thing because, you know, if I look through the the tweet thread, it's like, oh, more like, you know, samurai is fed or samurai is this and blah blah blah blah blah. And it's like, I'm I, like, can't help but get heated. Right? And we we start to debate, and I'm making these points. And, like, we're just talking circles because you you're operating in a very high adversarial mindset versus, like, a normal person mindset, which is fine. There is a level that that we should have. Like, we we should have people who think adversarially.
I'm okay with that. Right? But I'm not okay with not being able to accept that there is adversarial thinking, and then there is, like, okay, the reality of, like, there are normal people who need to use this normally. Right? And so you you have to be able to step back sometimes, right, and think a little less adversarial to be able to, like, understand why something is the way it is. Right? Like, normal people need to to operate this like, might need to operate this way. And so Yeah. And that's why if if, like because your your whole, like, argument is is about this. It's literally about a is adversarial thinking. That's fine. Yeah.
[02:38:20] Unknown:
But but, like adversarial as opposed to optimization.
[02:38:24] Unknown:
That and that's okay. And that's why and there's an option for you. Right? There's an option for you. Dojo. Right? Cool. There's there is an option for people who are not adversarial, care, or they are not adversarial against, against Sam Roth Wallet. So that's I I think that we can agree on on, like, where your mindset is and why it differentiates from everyday people. But, yeah, I kinda agree with the some of the people on the chat. Like, is this still going? Yep. It's because we we have been calling in circles for a long time, and that's why I'm, like, trying not to bash my face into my keyboard right now. Yeah. That's I don't I don't think there's much else that I have to add. Matt?
[02:39:12] Unknown:
Thanks, Elko. You wanna, mechanic, you wanna wrap us up with some final thoughts, and then, well well, then this bad boy, we've been gone for 2 hours and 40 minutes. Jesus.
[02:39:22] Unknown:
Yeah. I failed it wrapping up last time. Yeah. You did. Try again. I don't I don't want obtuseness. Right? Like, as Chip said in the chat, like, if you get paid in Bitcoin from your employer and you run it through Whirlpool LiteClient, your employers then can't trace it. You've gained privacy. And I'm like, yeah. Exactly. If your ISP is sending all your browsing activity to law enforcement and you use a VPN, then you've got around that. Congrats. But who's to say the VPN isn't just sending that data instead? And law enforcement specifically targeting them. Even if they're good actors, maybe their hardware is compromised, and they don't even know about it. So best to use software that just minimizes all this in the first place, a Tor network or, you know, Samura at least, Samura with your own node, and that's what I'd recommend.
[02:40:09] Unknown:
That was a much better wrap up this time.
[02:40:11] Unknown:
Okay. Guys, I look. I think, I appreciate you both coming on. I'm glad that you both felt comfortable with dispatch as a as a forum for open discussion. I hope that that some listener I think I think a lot of listeners will have found this helpful, and I hope that's the case. Yeah. And I I I I just appreciate you both, and I'm glad I'm glad that we had this discussion. So thank you both.
[02:40:42] Unknown:
Nice one, mate. It was good to meet you a bit. And,
[02:40:46] Unknown:
and, yeah, don't forget. You guys can always run Run on Dojo because we'll support it. So if you wanna use samurai and you wanna mitigate all the risks, run dojo.
[02:40:57] Unknown:
Cheers, guys. Thanks.
[02:40:59] Unknown:
Alright, buddy. Bye.
Introduction to the new debate format
Explanation of the debate prompt
Discussion on the trade-offs of using Samurais light client mode
Warrant canaries and their effectiveness
Trust in Samurai to disclose breaches
Privacy needs in different countries
Discussion about the trade-offs and compromises of using a light wallet versus running your own node
Debate about the potential benefits and drawbacks of separating liquidity pools for different types of users
Importance of understanding the trade-offs and compromises when using a privacy-focused wallet
The importance of running a node for on-chain privacy
The development of tools like Dojo to encourage running a node for privacy
The trade-offs and risks of using a light wallet without running a node
