Connecting to the internet through Tor is a core component of a bitcoin privacy wallet. Along with block filters, it’s the answer to bitcoin network privacy.

As expected, Wasabi Wallet comes with Tor bundled in and enabled by default (you can opt out, but it’s not recommended), but how exactly does Wasabi Wallet implement Tor?

Wasabi Wallet makes all of its requests through Tor, but it alternates the connection (circuit) modes so that for super-private things like coordinating a coinjoin, its circuit is updated after each operation. This allows the user to have privacy from both the coordinator, the Bitcoin network and the Tor network.

This article will define what Tor is, how Wasabi Wallet implements Tor exactly, what are the operations that require an immediate circuit update, why the coordinator doesn’t use an onion service anymore, and how Conflux could be a future solution to improve reliability.

First, it’s important to understand that using the Internet without Tor (or alternative protocols) reveals your IP address to the server you’re connecting to. The goal is to protect a user’s IP address from their Internet peers and the public.

How Does Tor (The Onion Network) Work?

Tor is a free and open source software that enables anonymous communication for online activities by encrypting and routing Internet traffic through a network of servers, making it difficult to trace the origin or destination of data.

In other words, Tor is a peer-to-peer network that anyone can join to hide their IP address from the destination server. Here’s a simple illustration of how Tor works:

Tor is used in Wasabi Wallet for all communication purposes by default, i.e. to connect to the bitcoin network to download blocks and broadcast transactions, and to the coinjoin coordinator to receive block filters and the state of the coinjoin rounds when loading the wallet, and most importantly, for all the communication steps of the coinjoin transaction such as input selection, output selection, transaction signing. (Read about how a coinjoin transaction works in detail). 

Now let’s take a closer look at Wasabi Wallet’s Tor implementation. 

How Exactly Does Wasabi Wallet Implement Tor?

First off, we want to make sure that all communication happens through Tor. Each time we communicate we create an HttpClient (software used to send and receive responses from a server) and we set it up with Tor.

In addition, Wasabi enables Tor’s control port to manage and switch connection (circuit) modes. There are three circuit modes:

• For DefaultCircuit, on every session, we set up a default circuit that we will use when we don’t use other modes, usually for operations that are not too sensitive. 
• For SingleCircuitPerLifetime, we create a new circuit just for this HttpClient, which we will reuse throughout the lifetime of the component that created the HttpClient.
• NewCircuitPerRequest is the most private mode. We use it when we want each request to have its own unique circuit, such as during the coinjoin coordination process.

 It’s important to note that Tor circuits are slow and hard to create, which is why we try to avoid creating new ones when it’s not necessary. Here’s an example to understand better circuit mode management.

When a component needs to communicate on the Internet, it requests a new HttpClient configured with the mode it needs. When we use the RoundStateUpdater (to get the state of the coinjoin round), privacy is not critical. This is because every Wasabi client polls this endpoint, whether it’s actively participating in a coinjoin or not. 

Since this query does not reveal client uniqueness, we create the HttpClient for the component with the SingleCircuitPerLifetime mode.

Now what are the operations that require the highest level of privacy with the circuit mode NewCircuitPerRequest?

What are the Operations that Require Tor Circuit Updates (NewCircuitPerRequest) in Wasabi Wallet?

As mentioned above, Tor is used for all communication when enabled, and a Wasabi Wallet client only communicates with Bitcoin Network peers and the coinjoin coordinator server. Let’s look at the operations that require circuit updates, starting with the coinjoin coordinator process.

For the coinjoin communication, it works separately in two parts:

• Inputs Registration + Inputs Confirmation phases: In this case, it makes sense to use one circuit for all requests related to one input, so we use the SingleCircuitPerLifetime mode, and we create a new HttpClient per input.
• Everything else: For the rest of the critical phase, we shouldn’t link any requests with each other. So we can use a single HttpClient, but we have to use the NewCircuitPerRequest mode.

For Bitcoin network communication, we use NBitcoin and its own Tor implementation so it works very differently. To protect privacy additionally on the block download step, we disconnect from a network peer every time we download a block. 

We’ve explained in detail how the Wasabi Wallet client Tor implementation works, now let’s answer a common question regarding the abandoned use of an onion service for the coordinator server.

Why The Wasabi Coordinator Doesn’t Use an Onion Service Anymore

An onion service is a server configured to only receive incoming connections through Tor, providing privacy and censorship resistance to servers by bypassing DNS.

It used to be the case that the coordinator would run an onion service and clients would connect to it. However, this is no longer the case due to reliability issues inherent in onion services. In addition, the coordinator server doesn’t need privacy from the public so there’s not too much incentive. 

For Wasabi’s coinjoin coordination process to work properly, the standard deviation of the request time must be small. Each request has to happen in a few seconds, and this time frame can’t vary much from request to request. Reliability is a major issue for Tor.

However, a solution seems to have arised…

Conflux as a Potential Reliability Solution for Tor

Conflux is a new Tor project that aims to solve Tor’s inherent reliability problems. If you need bandwidth reliability: you use Conflux, and it duplicates your request and sends each one through different circuits. Since reliability failure is a low-probability event, it’s extremely unlikely to happen with two different requests (e.g., 0.1 * 0.1 = 0.01),

Since Wasabi’s use of Tor varies depending on the action, sometimes we would use Conflux and sometimes we wouldn’t. Unfortunately, this isn’t possible with our current implementation. An alternative implementation called Arti would allow us to solve the Conflux management problem.

Conclusion

In this article, we’ve explored how Tor works, how it’s implemented in Wasabi Wallet through the alternative circuit modes depending on the action, which operations require the most private mode, why the coordinator no longer uses an onion service, and how Conflux is a solution to the reliability issues inherent in Tor. 

This article, among other technical content, demonstrates that Wasabi Wallet is the superior bitcoin wallet for network privacy. To learn more about all the benefits of Wasabi Wallet, check out the Coinjoins.org review. 

The post Explaining Wasabi Wallet’s Tor Implementation appeared first on Wasabi Wallet - Blog.

Turbosync has been introduced in the 2.0.4 release of the Wasabi Wallet and reduces load times by up to 90%. We did this with accessibility in mind so that even slow internet users can use Wasabi with less friction.

As a Wasabi Wallet user, you want your bitcoin activity to be private. Coinjoins are great for that, but they’re not the complete solution. To do bitcoin privacy right, you must solve blockchain privacy, which coinjoins do, and network privacy. How does Wasabi Wallet handle the latter? We implement block filters (BIP 157-158) as a solution to download bitcoin transaction data without compromising network privacy

One of the biggest challenges with this implementation is that users have to download a lot of data compared to other light client solutions. This results in longer load times when restoring or initializing a wallet on Wasabi. Fortunately, the hard work of the contributors has resulted in an optimization.

What is Turbosync and How Does it Reduce Wasabi Wallet’s Load Time by Up to 90%?

This release optimizes the filter-checking process to reduce wallet loading times by 90% thanks to code cleanup and a clever key prioritization process dubbed “Turbosync”. With Turbosync, internal addresses that have already been used are not checked for coins in new blocks until after unused addresses have been checked first. Filter performance has been further improved by storing them in a SQLite database instead of a plain text file, reducing disk space requirements by about 1 GB and increasing resilience to file corruption.

To better communicate this topic, we first need to take a quick look at the challenges of network privacy in bitcoin, block filters as an abstract solution, Wasabi’s specific block filter implementation, and the details of Turbosync along with the fixes in the 2.0.4 release.

The Challenges of Network Privacy in Bitcoin

Network privacy in Bitcoin is an essential piece of the puzzle to solve. The goal is to connect to the Bitcoin network privately in order to track your wallet’s addresses and broadcast transactions. As you may know, running and using a Bitcoin node is the best thing you can do because you’re part of the network and you don’t need any intermediaries. Read this article to learn more about the benefits of running a bitcoin node.

While this is easy to say, it is harder to accomplish since running a bitcoin node requires a lot of bandwidth and disk space. It also takes a long time to set up, from a few hours to a few weeks (usually 12-36 hours). Light wallets are inevitably the standard for their ease of use, which is something even Satoshi acknowledged on the Bitcoin White Paper, as SPV (Simple Payment Verification). 

The Privacy Problem of Light Wallets

There are two main approaches to network connectivity for light wallets, SPV and API (Application Specific Interface). Both have inherent privacy flaws that this section will explore. 

SPV was a terrible design because it couldn’t validate transactions, it wasn’t private, and it wasn’t fast. Bloom Filters were added to SPV wallets in BIP37, as an effort to increase privacy. However, this was debunked in the following years because bloom filters download specific transactions, which makes it straightforward to deduct which coins belong to the user’s IP address.

API wallets were introduced as a way to make network connectivity fast. They work by connecting to a central server via an API. Examples include BitPay’s wallet, Mycelium, and the Electrum server framework. This centralized approach means that users’ transaction data can be logged and linked to their IP address. Again, there are privacy limitations with Bitcoin network connectivity.

Doesn’t Tor Solve This?

It partially solves this. Yes, Tor (The Onion Network) is software that allows for anonymous communication by encrypting and routing internet traffic through a network of servers, making it difficult to trace the origin or destination of data. This means that it hides your IP address from the SPV network peers or the API server. However, all your transactions and coins are still linked to each other, which remains a big privacy problem. 

Tor is bundled with Wasabi Wallet and is enabled by default. The remaining part of the network privacy problem is solved by Block Filters.

Block Filters as a Solution for Bitcoin Network Privacy

Block Filters were introduced in BIP 157 and BIP 158 as a privacy improvement over Bloom Filters. Block filters compress block data to help wallets like Wasabi receive transactions from peers without compromising privacy by downloading specific blocks instead of looking up single transactions.

With block filters, full nodes create filters for each block, and light clients fetch these filters. With bloom filters, the light client creates and sends the filter to the full nodes. There’s a key difference in the direction of filter creation.

Although filters consume bandwidth and storage, keep in mind that this additional consumption of network and hardware resources is nowhere near those of a full bitcoin node. Only ≈3GB of filters and blocks are required to sync a wallet instead of 500GB of block history. 

How does this work in Wasabi’s specific context?

Wasabi Wallet’s Block Filter Implementation

Wasabi’s coinjoin and privacy features would not be complete without a block filter implementation. There’s three steps for wallet synchronization: Filter Download, Filter Scanning and Block Download.

Filter Download 

Implemented differently in Wasabi Wallet than on the BIPs because they’re downloaded from the Wasabi backend coordinator server, through Tor. This takes a while the first time, but it’s much faster on the next occasions since it only has to catch up to the newest blockchain state.

Filter Scanning

When you load a wallet, it checks if the generated addresses within the gap limit hit against a block filter. If a transaction of yours is in a block, then the corresponding filter will always be hit, and the wallet will know this is a relevant block for you. There’s a small chance of a false positive where the filter matches, but the block actually does not contain a transaction.

Block Download

When a block filter hits, either a true match or a false positive, the wallet will download it. If you have a Bitcoin full node connected, then it will fetch the verified block locally. If not, then Wasabi will connect to a random Bitcoin P2P node with a new Tor identity, and request only this block for download. In this step, your Wasabi behaves like any other full node, and cannot be differentiated. Once every block wanted is downloaded, the wallet load has finished and your wallet dashboard appears.

It can be annoying for users to be presented with the wallet load screen and having to wait for this to complete before using their wallet. To speed things up, our software contributors noticed that some improvements could be brought to this implementation and Turbosync was born.

Turbosync and 2.0.4 Release Improvements

Turbosync is a feature introduced in Wasabi Wallet’s 2.0.4 release that changes how filter scanning is done in order to present the user’s dashboard as fast as possible. It operates with the heuristic that internal keys (coinjoin outputs or change addresses) should only be used to receive coins once and to spend. As soon as an address (part of the internal keys) hits a block filter twice, it has received coins and then spent them, we skip checking this address and we move on to the next one. 

Once all addresses have been checked and the required blocks are downloaded, the wallet load screen will change to present the user’s dashboard. However, filter scanning will continue in the background and the skipped addresses will be checked. In the case that some additional funds have been received on those addresses. Users in that edge case would see their balance update automatically after some time. Once done, the message “Wallet is fully synchronized.” will be written to the logs file to indicate that the verification process has finished.

Wallets that coinjoin frequently will benefit the most from this feature, as the vast majority of their addresses will be skipped. It’s important to remember that false-positives happen and they lead to unnecessary additional load time. Turbosync reduces the amount of false-positive blocks downloaded before the user’s dashboard appears. 

TurboSync feature shouldn’t cause any issues, but you might want to disable it to debug potential issues with the synchronization of your wallet. In that case, go to your wallet file (search for `Wallet Folder` using Wasabi’s search bar then open the file corresponding to your wallet) and set `UseTurboSync` to `false`.

What other improvements were made to the Block Filter implementation?

Filter performance improved even more by storing them in an SQLite database instead of a plaintext file, reducing disk space requirements by about  1 GB and increasing resilience against file corruption. This is a standard software development practice that is applied to the block filter implementation, but is not related to the steps for wallet synchronization.

Conclusion

In this article, we explained the network privacy problem of bitcoin light wallets and how both SPV and API wallets fail at solving this. We explain how Tor is part of the solution, but how Block Filters are the remaining piece of the puzzle to solve this problem. We then break down how block filters work in an abstract format, but also how Wasabi Wallet implements it. Finally, Turbosync is introduced in the 2.0.4 release with some other improvements such as the introduction of an SQLite database for block filter storage. Together, both of these changes can reduce Wasabi Wallet’s load time by up to 90%. 

The post Turbosync: Wasabi Wallet’s Loading Time Reduced by 90% appeared first on Wasabi Wallet - Blog.

How do you scale a blockchain? You don’t. Block space is inherently limited, and everyone making Bitcoin transactions competes for it. RBF and CPFP are some of the most prominent tools in the toolbox of a user for the block space scarcity competition.

Wallets

I have compiled a list of non-custodial Bitcoin wallets for desktops that are actively being developed and are open source. Please note that I have excluded those that require a hardware wallet since I don’t have access to them in my current location (Ledger Live, Specter, Trezor Suite.)

RBF

RBF, stands for Replace By Fee and is a feature that allows modification of an unconfirmed Bitcoin transaction to include a higher fee, thus confirming sooner. While it is less well-known, this feature also allows for the cancellation of unconfirmed Bitcoin transactions.

CPFP

CPFP, short for Child Pays For Parent, is also a handy feature that accelerates a transaction by spending one of its outputs with a high fee. This results in a child transaction, paying for the parent transaction. CPFP is especially helpful when we cannot use RBF, such as when receiving a transaction and not owning all the inputs involved.

Speed Up Receiving Transaction

Bitcoin Core

N/A

Electrum

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Nunchuk

N/A (They claim it’s available on their blog, but I couldn’t find it, so it seems it is only the case with their mobile version.)

Sparrow

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Wasabi Wallet

Step 1

Step 2

Step 3

Step 4

Speed Up Sending Transaction

Bitcoin Core

Step 1

Step 2

Step 3

Electrum

Step 1

Step 2

Step 3

Step 4

Nunchuk

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Sparrow

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Wasabi Wallet

Step 1

Step 2

Step 3

Step 4

Cancel Transaction

Bitcoin Core

N/A? The option appears to be greyed out for me.

Electrum

Step 1

Step 2

Step 3

Step 4

Nunchuk

N/A

Sparrow

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Wasabi Wallet

Step 1

Step 2

Step 3

Step 4

The post RBF and CPFP: UX Survey with Screenshots appeared first on Wasabi Wallet - Blog.

This article guides you through securing your identity in the digital world by providing a list of technologies you can use to protect yourself. This list goes from the device you use, how you access the internet, how you authenticate to websites and applications (email and phone number), how you communicate with peers, and finally, how you make payments online.

The technology recommendations are for beginner and intermediate users who want to protect themselves. For those that wish to learn more and for advanced users, there are links to every technology mentioned.

A Secure Device and Operating System

As of September 2022, it is estimated that Android is the most popular operating system in the world, with 43% of the market share. Windows follows it at 29%, Apple iOS at 16%, MacOS at 6%, and desktop Linux at 1.1%. Even though Android is open-source, most versions come by default with Google spyware. For Apple (both iOS and MacOS) and Windows, it’s even worse since you have little control of the device and can’t escape the hold Big Tech has on it. For example, even if you turn off sharing analytics with Apple on your iPhone Settings, that communication remains in the background.

If you want a secure device and operating system, the best technology you can use is an open-source Desktop Linux that is not commercially attached to a company. That immediately discards Ubuntu (Canonical LTD), which is prepackaged with telemetry software that you have to opt out of and has been called spyware by the free software pioneer Richard Stallman. Redhat (Inc) is even worse because you need to create an account and buy a commercial license to use it. There are many options for community-driven Linux distributions, such as Mint, Debian, Fedora, Qubes, TailsOS, etc.

Linux Mint is often recommended for its simplicity and popularity, allowing non-technical users to install it on their desktop or laptop in only a few hours. Here are the instructions on how to do so from the official community website. It’s Debian based, so it has the same software compatibility as Ubuntu.

Although privacy and identity on mobile devices are harder to figure out, it’s still possible to do so. There are modified Android versions that remove every spyware packaged by Google, and one that has received wide approval from the open-source community is GrapheneOS. There is a limited number of devices you can install this operating system onto, but you can find a list of them here. Finally, here are some instructions on how to complete that process.

You now have a desktop or mobile device with an identity-protecting operating system.

Protecting your Identity when accessing the Web

As soon as you communicate with a web server through a browser interface or the command line, your IP address will serve as your identity for communication. You might think there’s little risk associated with that because there’s no immediate identity link. Still, the reality is that the server can estimate a very accurate geographical location, which traces back to you.

Using a VPN to Route your Traffic

Although there’s some controversy about VPN usage, given you use a centralized server to route your traffic, it probably is better to use one than not. Many providers claim to implement a no-logging policy, but it’s hard or impossible to verify if it’s true. A false sense of security won’t blind you if you’re aware of the limitation that the VPN server is aware of your IP address and can be hacked or involved in a leak.

Privacyguides.org is a website maintained by privacy advocate Jonah Aragon that reviews VPNs based on stringent criteria such as open-source clients, independent audits, and accepted private forms of payment. Their only three recommendations are Proton VPN, IVPN, and Mullvad VPN, none of which have been hacked. They have versions for any operating system and you can purchase any of them with bitcoin (more on identity-protecting payments in a different section).

For those worried about performance, Mullvad supports Wireguard, a modern and faster VPN protocol. Here’s an article from Jameson Lopp on how to set up Wireguard for a better web experience.

A Decentralized but Slower Alternative: Tor Network

There are many reasons you would want to use Tor instead of a VPN. First, you simply don’t want to rely on a centralized service because of the risks of leakage or hacking. Also, you don’t want to pay for a more performant and easier-to-use service. Finally, and this is only the case for onion services, you care about the privacy of the website server and not only your own.

Tor (The Onion Router) is a peer-to-peer network comprised of clients like you and voluntary relay servers that route your traffic. Every time you connect to a web server, you hop through many relays before reaching your destination. Each relay knows only the IP address of the previous and the following peer, so making many hops protects your identity from the endpoint and middle relays. Although the entry guard knows your IP address, this information isn’t useful by itself since it doesn’t know your web destination.

Here’s an illustration that demonstrates how the Tor network works.

Tor is available as a client-side application with the Tor Browser and as a server for more complex and technical use cases. You can install Tor Browser here, and for more advanced users curious to know how to run a relay server, the instructions are here.

Using Private Email Addresses and Phone Numbers for Authentication

Now that you can access the internet in an identity-protecting way, you may want to use web services. You already know that most of these services will ask you for an email address or a phone number to sign up, so you will want to equip yourself with services that can provide unlimited accounts without compromising your privacy or security.

Secure and Private Email Addresses

ProtonMail is recommended because of its reputation, encryption security, simplicity, and free plan. Even though they provide a centralized service, they don’t have access to your emails; only you do. The application code is open-source and independently audited by third-party security experts. You can sign up here.

You can also use their complementary service SimpleLogin which provides an additional ten email aliases for free to keep your primary email private from most services. Every email sent to any of these aliases ends up in the same inbox, similar to how you use different addresses to receive bitcoin in the same wallet. For single-use applications without sensible data, you can use a service like TempMail to receive emails on a temporary email address.

VoIP Phone Numbers and International eSim Cards

Phone numbers are trickier since they’re not web-native. Still, getting one without compromising your identity security anywhere in the world is possible. First of all, there are many VoIP (Voice over IP) services available that you can purchase with bitcoin and even some that are free.

I haven’t verified any of those services, so you must research the one you choose to ensure you feel comfortable with the associated risks. Here’s a website where you can find many of those options.

The main limitation of using a VoIP service is that many applications will simply detect that it’s not an actual phone number and will block you from using their service. Also, they’re usually not the most privacy-preserving services out there. Don’t worry; there’s a way to get an actual phone number in a very identity-protecting way.

Silent Link is an available worldwide service that sells eSIM cards for bitcoin for data and a US-based or UK-based phone number. You don’t need an email address, you can just make your bitcoin payment (on-chain or lightning), and you’re good to go.

You will need a mobile device for this, so if you don’t have one, you are stuck with VoIP services to obtain a phone number.

The SilentLink instructions to purchase an eSim Card.

End-to-End Encrypted Communication Tools and Decentralized Social Media

Two of the most critical use cases of the internet are communication and social media. In this section, I will explain the different technologies you can use for private conversations and networking without compromising your identity.

End-to-end Encrypted Communication

The first thing you should not compromise on if you want to protect your identity when it comes to communication, is end-to-end encryption. It’s 2023, and it’s tough to argue the need to use a tool that doesn’t provide this essential feature. Gladly, there are many options that we will go through in this section.

End-to-End encryption is a method that ensures only you and your recipient can read the communicated information, secured by cryptography.

Unfortunately, there isn’t much compatibility between popular communication protocols, so you usually have to use the same client as the person you’re trying to connect with. The most popular ones, such as Facebook Messenger, Instagram, Whatsapp, Twitter, Snapchat, and Skype, are all out of the window since they don’t provide essential identity protection.

If you’re willing to make an effort to get a private phone number, Signal is a solid option that provides ease of use, end-to-end encryption, and many users. Telegram receives many recommendations too, but you have to be careful when using it; only Secret Chats are end-to-end encrypted, and they don’t support groups. However, group communication is at risk of a leak if a single user is compromised or spying on purpose.

Some new applications, such as Keet and Sessions, don’t require phone authentication and are starting to look promising, but their use remains low compared to Signal or Telegram. Some alternatives, like Sphinx, use the Bitcoin Lightning Network for end-to-end encrypted communication in a peer-to-peer fashion, with payment support.

Decentralized Social Media is a Reality

Social Media has always been a nightmare for privacy and censorship resistance, evolving further into a dystopian monopolistic market over the last decade. Mastodon came out in 2016 and has been a way to distribute server control in a federated system. Still, it requires an email address to sign up, and many servers are known for strict control of content policy, often for political or personal reasons.

Lately, a new alternative has emerged named Nostr that uses public-key cryptography for identity (no email address) and a relay model that allows users to switch from one server to another if censored. Nostr is different from other social networks because it has no single point of failure. You can also bring your connections when switching client applications, so a specific service can’t lock you because of its network effect. Here’s a list of clients you can use to sign up for Nostr.

How to Make Identity-Protecting Digital Payments

In this final section, I will dig into the missing key element to protect your identity in the digital world, Bitcoin, and how you can optimize your use to make it private by default.

For transaction purposes, Bitcoin uses addresses; identifiers comprised of random letters and numbers derived from your public key, which derives from your private key. After receiving bitcoin at your address, you can use your private key to spend it, which proves you own the bitcoin.

Blockchain and Network Privacy on Bitcoin

Given Bitcoin’s decentralized nature, audibility is a crucial feature to allow every peer-to-peer node to validate the authenticity of every transaction. Anyone can verify their Bitcoins are legitimate, but it also means that your transactions are available to the world. If you link your address to your identity, it creates invasive personal links to your total wallet balance and transaction history.

Following that logic, the first step towards keeping your identity secure when using Bitcoin would be to avoid linking your identity to one of your bitcoin addresses by not using KYC (know your customer) services such as centralized, regulated exchanges. You can acquire your bitcoin in ways that don’t require identity verification, such as peer-to-peer transactions, mining, or selling products and services for bitcoin. However, it’s not always easy due to location restrictions, low liquidity, and a limited Bitcoin circular economy. Also, when spending bitcoin remotely to receive physical goods, you must provide your physical address, which compromises your identity security.

On top of blockchain privacy, you require network privacy when using Bitcoin as any other Internet service or protocol. When using most light wallets or a Bitcoin node (e.g. Bitcoin Core), your network connection will reveal your IP address unless you configure it with a VPN or the Tor Network. Most wallets don’t keep your IP hidden out of the box and require configuration.

The Privacy Solution for Bitcoin: Wasabi Wallet

The top recommended bitcoin wallet for identity and privacy protection is Wasabi Wallet. First, there are no network configuration requirements when using Wasabi; Tor is prepackaged and activated as soon as you launch the application.

Then, once you deposit some bitcoin to your Wasabi wallet, it can be coinjoined for additional blockchain privacy. This process provides privacy for your bitcoin addresses even though a previous transaction you did has a link to your identity; by participating in a coinjoin, you break that link. The coordinator service run by ZKSnacks, the company behind Wasabi, can’t deanonymize or steal from you.

Wasabi Wallet is available across Desktop platforms, and you can download it here. If you want to learn more about Wasabi, there is publicly available documentation that can answer most of your questions. You can always join community groups (Discord, Telegram) to ask for further help or even get involved in the open-source project yourself if you want to contribute to Bitcoin privacy.

Conclusion

In this article, we enumerated the best technologies you can use to secure your identity online. We recommended a desktop and mobile operating system, networking routing tools such as a VPN or Tor, email address and phone number providers, end-to-end encrypted communication applications, a decentralized social media platform, and privacy-preserving payments through Bitcoin and Wasabi Wallet.

For further privacy tools, you can consult this website which reviews many technologies across the categories listed in this article and many others. Additionally, a password manager is an essential tool to add to your arsenal of identity protection technologies; you can find a list of reviewed ones here.

Stay safe out there and remember to reveal yourself to the world only in ways that make you comfortable; privacy is a human right. If you want to learn more about privacy or help acquaintances in their journey, Wasabi Wallet’s Blog is a perfect resource with many articles on this subject.

The post The Best Technologies for Keeping Your Identity Secure appeared first on Wasabi Wallet - Blog.

Even though we have our own preferences at Wasabi, we will prioritize what’s best for our users.

Wasabi Wallet will support both sides of any meaningful bitcoin fork. We will not withdraw our support until we are sure our users are given enough time to sell the less successful side of the fork without compromising their security or privacy.

The post Wasabi Wallet Chain Split Policy appeared first on Wasabi Wallet - Blog.

Usually, a Bitcoin node broadcasts not just the transactions of its user, but it also gossips all of the other transactions that it has received from its peers. Thus it is very difficult to find out which transactions originated from which node.

However, when a node does not gossip all transactions, but only the transactions of its user, like in the case of a light wallet, then it is easier to find out which node has sent those specific transactions.

Bitcoin Full Nodes

When you run your own full node, you can precisely verify if the bitcoin you receive are actually valid. When you do not verify this for yourself, then you need to ask another trusted third party how much money you have.
Regardless how you ask this other server, there is now more metadata available to potentially link your coins to your identity.

There are bad ways to communicate, like querying a block explorer over clearnet, and good ways to communicate, like using BIP 158 block filters over Tor. But regardless, running your own full node means that you don’t need to communicate with anyone about your specific coins and this is strictly better.

Bitcoin Transactions

When you make a Bitcoin transaction, you are essentially creating a message on your device and sending it to the Bitcoin network. Someone operating a large number of nodes on the Bitcoin network might be able to match some of your transactions to your IP address, then deanonymize your stack of bitcoin.

It is relatively easy to avoid this on a computer by relaying all transactions through the Tor network. Wasabi routes all traffic via Tor’s SOCKS5 proxy, by default. This means that by default, all network communication is secured from outside snooping and the IP address is hidden.

Wasabi and Tor

Even if no full node is installed, Wasabi has a light client mode based on BIP 158 block filters. The Wasabi coordinator’s v3 onion service sends a filter of all the transactions in each block to all the users over Tor. Then, users check locally if the block contains any transactions with their addresses. If not, then the filter is stored for later reference, and no block is downloaded.

However, if there is a user transaction in that block, then Wasabi connects to a random Bitcoin P2P node over Tor and asks for this entire block, not just one transaction. This block request is indistinguishable from the regular P2P gossip, and thus nobody, neither the server nor the full node, knows which addresses belong to the user.

All Wasabi traffic is tunneled through Tor. Wasabi connects only to onion nodes, so end-to-end encryption is enforced between the wallet and peers. All this without involving any exit node. Wasabi connects to each peer through a different Tor stream. A new Bitcoin peer is chosen for every transaction broadcast.

Tor Consensus Issues

On January 10, 2021, due to an implementation bug, Tor’s v3 onion services experienced instability. A bug fix is already on the way, but until the update you may experience connection problems and delays.

Normal Tor circuits (using exit relays) still work, and v2 onion services still work, but v3 onion services (like the one used for the Wasabi coordinator) are affected and may not publish descriptors, and clients won’t fetch them.

Fallback Scenario

As we said before, all Internet traffic goes through Tor, and by default all this traffic stays inside the onion network. This means that, in Wasabi coordinator’s case, as v3 services are used to coordinate the CoinJoin transactions, there may have been (or there may be) connection and communication problems.

To ensure service availability, Wasabi Wallet is equipped to offer a fallback scenario where exit nodes are involved. For example, if the Tor onion service of the backend becomes unavailable for the user, the wallet falls back to communicating with the backend’s clearnet endpoint, still over Tor. Wasabi also frequently utilizes multiple Tor streams where applicable.

This allows the user to continue to operate, even in unusual/offline onion backend conditions.
The Tor label inside Wasabi Wallet shows the status of the Tor daemon. You can check that your connection is active by keeping an eye on it.

Who have been affected

Most of our users haven’t noticed any interruptions because Wasabi was able to recover automatically. There were a few users who encountered intermittent Tor connection issues. But in most of these cases, restarting the Tor client solved the problem.

The post Wasabi Wallet and Tor Consensus Issues appeared first on Wasabi Wallet - Blog.

Given the huge correlation between Bitcoin and Tor, the news quickly reached major social media, chat rooms and forums; but there is still a lot of confusion about it.
This article will explain if Wasabi Wallet is affected by the issue and how the technology behind Wasabi guarantees security for its users.

TLDR

1. Bitcoin replacement attacks are not possible due to the architecture of Wasabi.
2. Even if they’d be Wasabi stays inside Tor, except in fallbacks.
3. Even if fallbacks, Wasabi enforces HTTPS traffic, so exit nodes still cannot read or replace the traffic.

Summary of the attack

The entire operation is an MITM (man-in-the-middle) attack to Tor users. This attack tries to manipulate traffic as it flows through (malicious hacker controlled) Tor exit relays. The attackers selectively remove HTTP-to-HTTPS redirects to gain full access to plain unencrypted HTTP traffic without causing TLS certificate warnings.

Specifically, hackers attacked multiple bitcoin mixers. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their addresses instead of the user provided bitcoin ones. By replacing the destination address at the HTTP traffic level, the attackers hijacked the user’s funds without the users’ or the Bitcoin mixer’s knowledge.

Why Wasabi is safe and how it defends itself against this type of attack

It’s simple: because Wasabi Wallet is a non-custodial privacy-focused Bitcoin wallet that implements trustless CoinJoin, there are no addresses sent to a server when sending money.
Also, unlike many other “traditional” mixers where users must give control of their coins to another party and trust that this party will return the bitcoin to them, Wasabi Wallet does not take custody of assets.

When sending money, there is no network traffic saying something like send 1 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq, so there is no amount or address that can be intercepted and replaced.
In Wasabi Wallet, the user broadcasts Signed transactions. In fact, the wallet broadcasts it to the P2P network using random nodes on the Tor onion network.

During CoinJoin phases, however, an exchange of information about addresses involved takes place.
Specifically, during the input registration phase, this is the data that is exchanged:

• The input coins that you want to register, together with the input proof signature.
• The cleartext change address.
• The cryptographically blinded anonset CoinJoin output.

And subsequently, during the output registration phase, this is the data that is exchanged:

• The cleartext address for the anonset CoinJoin output.
• The coordinator signature over that output.
• The round hash of all the inputs.

But even if an attacker were to carry out an MITM attack by breaking the cryptography that certifies the coordinator signed outputs and replacing an address, the client would not sign the transaction, so no one would be able to hijack the funds.

On the network side, by default and under normal conditions, Wasabi Wallet never leaves Tor onion network and it never uses Tor exit relays.
All Wasabi Wallet’s traffic stays inside the onion network, and most Tor attacks are not possible if exit nodes are not involved.
In Wasabi, exit nodes are only involved in fallback scenarios.

Fallback scenario? What are you talking about?

Let’s give an example: if the Tor onion service of the backend becomes unavailable for the user, the wallet falls back to communicating with the backend’s clearnet endpoint, still over Tor. This allows the user to continue to operate, even in unusual/offline onion backend conditions.
Regarding the website itself, connections are SSL-enforced and HSTS enabled.

Yes, I know, all these acronyms can seem difficult to understand. But just keep reading, and you will see that we will simplify them in the best possible way:

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone.
(Source: Wikipedia)

Don’t Trust, Verify!

As we mentioned earlier, Wasabi’s fallback servers (Mainnet and Testnet) make use of encrypted connections and enable HTTP Strict Transport Security.

Let’s start Wasabi Wallet, open the config file from the wallet GUI, go to File>Open>Config File.

The first lines should look like this:
"Network": "TestNet",
"MainNetBackendUriV3": "http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/",
"TestNetBackendUriV3": "http://testwnp3fugjln6vh5vpj7mvq3lkqqwjj3c2aafyu7laxz42kgwh2rad.onion/",
"MainNetFallbackBackendUri": "https://wasabiwallet.io/",
"TestNetFallbackBackendUri": "https://wasabiwallet.co/",

MainNetFallbackBackendUri and TestNetFallbackBackendUri are, respectively, the two clearnet backends for Mainnet and Testnet to which Wasabi Wallet connects in case the two .onion backends are inaccessible.

As you can see, both of them are using secure HTTPS connections.
What about HSTS? For this, we can rely on one of the many tools online that allow you to test if a specific domain/ip has HSTS enabled.
Both of them have HSTS enabled, check for yourself:

• Fallback Mainnet backend test
• Fallback Testnet backend test

Your security, like your privacy, is our top priority

Wasabi Wallet is safe in both, Tor onion network and clearnet.
In addition to this, exit nodes are only involved in fallback scenarios. This type of scenario is extremely rare; and should it happen, we have still adopted all the best practices to ensure the safety of your funds.

Additionally, in a custodial mixer, a passive network attack is really dangerous because the attacker can deanonymize all the users and see all their activity. With Wasabi Wallet, this is not possible because even the Wasabi coordinator cannot deanonymize its users.

Learn more about how Tor works within Wasabi

Using Tor within Wasabi has several facets:

• Wasabi frequently utilizes multiple Tor streams where applicable and registration of CoinJoin inputs and outputs is done through different Tor streams to avoid linking.
• The backend server serves block filters to all the clients over Tor. From those filters, the clients figure out which blocks they are interested in and downloads them [and some false positive blocks] from random peers. One block per peer, and always over a fresh Tor stream.
• Wasabi connects to each peer through a different Tor stream. A new random Bitcoin peer is used for every transaction broadcast.
• Wasabi broadcasts transactions to only one peer over Tor, and immediately after that, the peer is disconnected.
• Every fee query happens over Tor with a new Tor identity.

Do you want to learn more? Visit our documentation pages!

The post Wasabi Wallet and Tor SSL stripping attacks appeared first on Wasabi Wallet - Blog.