Wasabi + HW Wallet Privacy Setup \ stacker news ~bitcoin

pull down to refresh

689 sats \ 17 comments \ @chungkingexpress 28 Nov 2022 bitcoin

I have only just learned that hardware wallets can work with other software like Electrum & Wasabi through the Hardware Wallet Interface (HWI) without private keys ever touching the computer. (For some reason I had assumed that 'Connecting your hardware wallet to Electrum' meant importing your private keys into Electrum).

As far as I can tell, this mean you can setup something like:

Buy on KYC Exchange (only easy option in my country) > Send to a Wasabi Wallet address for coinjoin
Perform the coinjoin on Wasabi, eventually sweep it to seperate HW Wallet from within Wasabi too.
Keep track of balance using a watch-only mobile wallet

Privacy Benefits:

Avoids using HW Wallet Manufacturer software and nodes, avoids exposing XPUB.
Avoids KYC Exchange
Brings in a coinjoin before sweeping to HW

Does this sound like a solid setup? Keen for some feedback!

view all related items

4 sats \ 2 replies \ @scampy 28 Nov 2022

On this:

Avoids using HW Wallet Manufacturer software and nodes, avoids exposing XPUB.

Note that some HWWs like the Ledger series require that you use the manufacturer software when initialising the device. Unless you can do this step offline, it's theoretically possible for them to collect your xpub.

For Coinjoins, I like using Sparrow connected to my own Bitcoin node. Sparrow has a nifty feature where after a specified number of mixes, the coins are sent straight to your HWW.

50 sats \ 0 replies \ @sime 28 Nov 2022

For reference you can technically load Trezor FW offline using the command line interface.

It's not the easiest thing to do, but possible.

0 sats \ 0 replies \ @tomlaies 28 Nov 2022

That's a good point. I never thought about dependence on manufacturer software. On the other hand you probably have your 12/24 words backuped somewhere

13 sats \ 9 replies \ @sommerfeld 28 Nov 2022

My advice is to stop using wasabi. They actively collaborate with chain analysis companies who managed to demix their coinjoins in the past.

Alternatives: whirlpools using samourai / sparrow.

You should also avoid kyc exchanges even if you coinjoin. They essentially still get the data of how much bitcoin you bought in total.

Protect yourself both from the earning and the spending side.

1 sat \ 4 replies \ @chungkingexpress OP 28 Nov 2022

Can you share some more info about wasabi sharing data?

13 sats \ 3 replies \ @sommerfeld 28 Nov 2022

From the horse's mouth: https://blog.wasabiwallet.io/zksnacks-blacklisting-update/

There are also a bunch of PDFs circulating around but I'm on my phone rn.

0 sats \ 2 replies \ @chungkingexpress OP 28 Nov 2022

Very interesting. It perfect the enemy of good though? I have never heard these criticisms of Wasabi before. I did find the coinjoins a bit slow and am happy to try something else. Is there a good robust single wallet solution for coin-joining and managing a HW?

0 sats \ 1 reply \ @sommerfeld 29 Nov 2022

Being potentially state captured is far from good, nevermind captured.

Is there a good robust single wallet solution for coin-joining and managing a HW?

Sparrow (desktop-only)

Imo you should not manage a hw on a phone anyway. You should only use the hw for spending which should be rare. For receiving and tracking your savings, use the hw xpub to create a watch-only wallet in any bitcoin wallet app (e.g. bluewallet).

0 sats \ 0 replies \ @chungkingexpress OP 29 Nov 2022

Yes I would not imagine managing via phone, just HW watch only.

0 sats \ 1 reply \ @chungkingexpress OP 29 Nov 2022

Are whirlpools and coinjoins different concepts / functions?

0 sats \ 0 replies \ @sommerfeld 29 Nov 2022

Whirlpool is a mixing tech that coordinates trustless coinjoins.

It is currently implemented in sparrow and samurai wallets.

An alternative to Whirlpool is Joinmarket which is fully decentralized but as a result, it has lower liquidity and thus a lower anonymity set. It required a bit more experience and technical background to set it up.

0 sats \ 1 reply \ @chungkingexpress OP 28 Nov 2022

Also, I think I can run my own node with wasabi, does that counter their analysis?

0 sats \ 0 replies \ @sommerfeld 29 Nov 2022

The analysis is on-chain. Running your own node only gives you network-level privacy, not on-chain privacy.

10 sats \ 0 replies \ @rapidlab309 28 Nov 2022

Using Wasabi with hardware wallets doesn't mean it won't use someone else's node. At this moment you use Wasabi's nodes. Buying from KYC and use Wasabi Coinjoin feature won't erase KYC. Wasabi is broken and bad actor on the Bitcoin community.

Use Sparrow for better privacy related features, use your own node and use hardware that honor your privacy like Passport by FOUNDATION.

0 sats \ 2 replies \ @doubleplusgood23 28 Nov 2022

What’s the risk of using a coinjoin? Isn’t there a possible risk your KYC info will be flagged in the future for using a known coinjoin address?

0 sats \ 1 reply \ @chungkingexpress OP 28 Nov 2022

Are coinjoin addresses known? Onchain won't it just look like a random transaction?

15 sats \ 0 replies \ @tomlaies 28 Nov 2022

Transactions from lots of adresses to tots of adresses look a little different than transactions a->b