 For the record, the whirlpool-client code does have Tor identity management. The code I showed belongs to the new soroban implementation and I did not review the old client (very badly structured code). However, neither the android app nor sparrow manage identities.

The android app because it is computationally expensive, hence one of the reasons why wasabi never had a phone client, and sparrow because it was not implemented correctly.

I don't know what percentage of people were using said desktop client, but evidently everyone who has used the android client or sparrow has not been protected.

nostr:note15720avmmchg6fy8rqmwxrxut3cy6kfg297l7scn3gjysemmzrfzsxjva9p  
 When you say "Android Client" you mean the Samourai Android Wallet?
There was never a Whirlpool Android Client, the Whirlpool service was included into Samourai Wallet. 
 I mean Samourai Android Wallet, even using Dojo. 
 Can’t believe you’re the only one that had reviewed the code until now.

Do you refer to Sparrow just the desktop client or any specific functionality within it? 
 I am not the only one, whirlpool's shortcomings have been addressed before by others, both xpub exposure, lack of identity management, and key tagging vulnerabilities in signature management by the coordinator.

When I refer to sparrow it is using the whirlpool function. 
 Remixing in the app was impossible because Android disables apps in the background. Using the desktop client was the only way to remix. It is clear that you did not use it. 
 I've obviously never used that shit, from the very beginning it has had several red flags.

I only used it with Sparrow (which is also useless).

I'm just checking the code.

By the way, the whirlpool client code reuses the incoming tor connection.

In any mix you have made you can tag inbound and outbound even though it uses a new connection on the outbound.

Holy crap. 
 You are wrong, it has been proven to you, and you keep repeating it in a loop. I will follow the Samourai red flags 😉  
 You have no idea what you are talking about:

- if you make a mix with samourai the coordinator knows ip in and out which is the same 

- if you do a mix with sparrow and remix the same thing happens. 

- if you remix with the whirlpool client since they reuse the input connection you have the same problem again.

I have proved it to you, don't repeat the same lies of Samourai. 
 You have not proven anything. First you said there was no identity management. Then you said that they were just recent additions. You have already admitted that you never used it and clearly you don't know the code either. 
Stop lying, we will never use fake coinjoins protocols. 
 Hahahaha do you know how to read the code?

Prove it to me with code. 
 I'm not someone promoted like you, you're just a grateful stomach. 
 Promoted? 😄 I'm not the one trying to convince people to use this or that service. 
 I really think you have a reading comprehension problem.

Here the only one who is promoting a coinjoin exclusive method is you. 
 How can I be promoting a service that is not operational? I have no incentive to promote anything. 
 "Stop lying, we will never use fake coinjoins protocols."

You just talk nonsense, but you prove nothing.

Answer me, if the android app has tor off by default, if you also filter the xpub, what good is coinJoin?

Answer me, if I enable tor, what good is it if it does not manage identities and the coordinator correlates the incoming and outgoing ip?

Answer me, if I use the desktop client for remixing, what good is it if it generates a new outgoing identity if I constantly refuse the incoming identity?

Answer me, what's the point of using sparrow if it doesn't handle tor identities?

The cult is the most important thing for you. 
 Here, you have a video (2021) where there is a clear attempt to hide TOR activation from the user. I'm not even sure it works without TOR activated.
https://youtu.be/6pIjy2yTFJ0 
 I don't promote anything, I study the different methods and use combinations of them.

From coinjoin, statechains, lightning, swaps, even Monero.

Those of you who are closed minded and worship are the followers of a tool that is a disaster like Samourai. 
 Even if the android app would make use of identities it does not, it has tor disabled by default. 
 😉 
 For the record, Switching identities (using a different connection) between input and output registration is actually described as a requirement in the Zerolink coinjoin specification. 
You are saying that Samourai did not implement this requirement, which is not true and trying to spread lies about people who can't defend themselves. 
 I am being transparent in my analysis, and assuming my mistakes, you are not and inventing nonsense.

To outline:

- Samourai Android does not manage tor identities.

- Sparrow has faulty management, so ultimately it does not manage tor identities either.

- the whirlpool client manages the identities but reuses in the remix the input identity, therefore the outputs can be linked.

I will never understand the cult when privacy is at stake.

Accept that you have a flawed solution, you respond the same way you did when it was shown that you exposed the public key in your Android Wallet. 
 And one thing is the requirement and another how you have implemented it, the management by whirlpool is disastrous. 
 > For the record, the whirlpool-client code does have Tor identity management

> However neither the android app nor sparrow manage identities. 


Sir, as pointed out by Pavel, whirlpool-client is a dependency of the android app:

https://github.com/Archive-Samourai-Wallet/samourai-wallet-android/blob/develop/app/build.gradle#L127 
 The android app doesn't even have tor activated, and even if you activate it, it doesn't manage identities, check the code.