(Just re reading my somewhat rushed prose, I would like to correct: "somewhat like creating a new account" should be "exactly functionally equivalent to creating a new account, unless there is a coding error (reused addresses)").

Show thread

.. that like it or not, Joinmarket has never been something you can use in a simple way and expect defence against active attackers. I think a lot of people intuitively understand that, people who are deep into Bitcoin's mechanics. But a new or general user probably hasn't much of a clue.
While at the other end, at the level of persistent and intelligent use over time, even active attackers are going to really struggle. Mistakes have to be made. (6/6?)

Show thread

... our active attacker, notice that even when he succeeds in tieing groups of utxos to mixdepths, his success in maintaining ownership flows through future joins/transactions is contingent on this kind of break (a completion of a mixdepth closure) not occurring. Precisely when users switch to a taker role, that can happen (well, to be fair it can happen other ways such as just manually doing a sweep on your own with no coinjoin).

So overall, both the fee model and the active attack mean (5/n)

Show thread

(see "Completed mixdepth closures" in github.com/AdamISZ/JMPrivacyAn for context).

People think change is toxic because it links across transactions. True, but a slightly different angle is to notice that sweeps create these "mixdepth closure completion" events that are almost like creating a new account/mixdepth.

And this is where the taker role comes back to prominence, as I mentioned in my analysis of the gridchain incident. Sweeps are a taker-side feature of .

To return to ... (4/n)

Show thread

I emphasize *messy* - there are a bunch of difficulties in doing that, and it's very unreliable (how do you know that set (A, B, C) and set (D, E, F), which are not overlapping, are actually different mixdepths and not different subsets of 1? It's not impossible but can go wrong a ton of ways), but possible.

But here's the key: that links "sets of utxos in a mixdepth", even if successful, which is not *quite* the same as mixdepth(=account).What's the difference? Sweeps.

Clean your room! (3/n)

Show thread

... then picking that maker explicitly (identified by pseudonym J5... - this is not perfectly reliable, but people do stay with one nym for a long while usually) in a sequence of coinjoin proposals, using up PoDLEs, but not *that* many, and deliberately choosing a bunch of different coinjoin amounts in the hope of getting them to spit out different sets of utxo inputs. It's messy, but you have a chance of picking up sets of utxos from different mixdepths, that you then know are linked .. (2/n)

Show thread

This is probably a blog post of some sort, but I'm snowed under so just writing it here:

I think at a cursory glance, people overestimate Joinmarket's effectiveness, especially against *targeted* attacks, but if anything underestimate it when they take a deeper look.

Consider the idea of a targeted attack on a maker, identified e.g. through having done one coinjoin with them and knowing some utxos (say, just 1 for simplicity).

"Targeted" attack could just mean, acting as a taker, ... (1/n)

waxwing boosted
some hard data on the #fediverse: japanese remains the #1 language used here.

waxwing boosted
waxwing boosted

The Fediverse does not need less features, it needs more. And it seems really stuck in that regard.

Maybe it also needs refactoring of old ideas. Give me a way to easily filter for all posts from from my instance, or any particular instance, or all post not from my instance - and there's a (maybe less confusing) replacement for Local and Federated.

Let me browse the public timeline from any other instance right from where I'm logged in (provided their public API is available)...

From my local orderbookwatcher this morning:

> 6 fidelity bonds found with 13.99603543 BTC total locked up

Well that escalated quickly (one day after the release).

(Sometimes you forget that there are users out there for whom 10 bitcoins is something you can lose down the side of the sofa)

waxwing boosted

Some people think the #Bitcoin user stories I bring in my podcast are edge cases. They weren't applicable to the general public. I say: those massive human rights violations are just the tips of the iceberg. Millions of people are oppressed everyday. amp.theguardian.com/technology

@tracyspacy "we" not "they", but: no, it's as per my parenthetical, you can read more about it in the release notes (and the links from there).

@FreePietje on the first point, but that's where i think you're making a big oversimplification: just as, we can't choose the laws we live under, so (much less clear cut, but) it's either hard or impossible to stay out of the main public forum(s), depending on the nature of your life and work. I have that luxury but many do not. And the pressure is not only social, it bleeds into even the bureacracy.

As you say we can warn and suggest and cajole (as I was, here) but it's not working, thus far.

@FreePietje the problem isn't with feelings and, the more subtle point: it *isn't* a criticism of the corporation.

"Just go elsewhere" works for a tiny minority, but many have said their careers depend on it.

Politics? Society? I guess, but not the corp. itself.

It seems like we agree on the trend, but I would say maybe 10 yaers ago I was quite ignorant about how easily western society fell into this hole. I thought there was a cultural force preventing it, but it's almost nowhere to be seen.

New release of Joinmarket.

Includes use of fidelity bonds (think: timelocked outputs acting as "skin in the game" to prevent Sybil attacks):


Release notes give the necessary details as usual.

Weird, 2 years after the static "pubkeys.txt" file that python.org hosted containing developers keys, was found to contain some fake keys, they finally merged a PR to remove that file from the web server:


So this no longer resolves:

It's on the internet archive though of course. Everything on the internet is forever.

waxwing boosted
Show older
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!