reply on: My new coinjoin wallet is powered by nostr and built for a mobile-first world \ stacker news ~nostr

645 sats \ 0 replies \ @super_testnet OP 1 Dec 2022 \ parent \ on: My new coinjoin wallet is powered by nostr and built for a mobile-first world nostr

Tony said... But concerned about the reliance on nostr. How privacy preserving is it really?

Very private if you make a conscious effort to use it privately, but I haven't done that. Nostr can be used as a cache for anonymous messages if you use a different pubkey for every message. I'm not doing that so I'm not using it in a very privacy conscious way. You can view every interaction with a market maker from initial contact through each psbt signature. You can't view the contents of those messages but you can pretty well guess their general contents because my codebase tells you the order in which messages are sent back and forth. Plus you can do timing analysis: after the final round of signatures you can watch the blockchain for a coinjoin's appearance, and then know exactly what coinjoin the market makers coordinated with the taker on. But even if you do all that you still won't know what outputs belong to whom. You'll just know the sender sent money to one of those outputs and that the other ones belong to market makers, but you won't know which is which, which is the really important thing that coinjoins are supposed to achieve.

Tony said... I heard they censor tor IPs because they have an unsolved spam issue.

Some relays do that, and those same relays also take your ip address and match it against a list of known spammer ip addresses. So if you want to use nostr privately (and, by extension, void), consider using a vpn. You should also connect it to your own node because right now it doxes all your bitcoin addresses to mempool.space, but I haven't written in any tools for connecting it to your own node so good luck!

Tony said... Plus linking utxos and communicating through the same nostr pubkey isn't good either.

Doing key rotation in nostr is pretty easy, I've done it for a prior project where I attacked a bunch of nostr relays with a load of spam. (Incidentally, that spam attack is also the reason why many of them now track ip addresses and block tor users, so in a sense it's all my fault.) It wouldn't be difficult to add that and thus make data tracking harder. As for linking utxos, the only way I know how to stop that is by learning how to do blind signatures. That sounds fun so maybe I'll do that next.

Thanks for the feedback Tony!