From: nopara73
Date: Thu, 10 Mar 2022 08:33:21 -0400
To: Prayank, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Wasabi Wallet 2.0 Testnet Release

> There is no coin control in Wasabi Wallet 2.

This is correct, but in and of itself can be misleading for those who know
that privacy in Bitcoin is near impossible without coin control, because the
conclusion would be then that Wasabi 2.0 ruined privacy for no reason, which
is obviously not the case, in fact it improves it in many ways.

The idea is that you don't need coin control when you can make your
transaction with coinjoined coins. These coins are indistinguishable, so you
don't really have a use for coin control in that case. I think this is
non-controversial, but what about the case when you cannot make the tx from
coinjoined coins?

In that case there still is a mandatory privacy control, which is an improved
version of coin control. The insight here is that, in coin control settings,
users are differentiating between coins based on their labels. Since Wasabi
creates label clusters, it is ok to select the clusters the user wants to
make the transaction from instead of individual coins. I know you liked the
never-released cluster selection page before it got further improved to be a
privacy control page, but note the privacy control still uses the same
insight, it just further removed unnecessary friction. That being said, coins
can also be seen with this super secret developer key combination:
CTRL + D + C

> User does not select coins because they are never shared with the user in
> the first place.

As explained above it is selecting coins indirectly rather than directly. It
is selecting clusters of coins that are assumed to belong to the same wallet
from an outside observer's point of view instead of individually selecting
coins one by one.

> There are no 'private' coins. Every coin is public in Bitcoin.

Not sure I'd like to engage in bikeshedding on terminology, but in my opinion
this terminology is not only true, but also good and useful: Ownership of
equalized coinjoin UTXOs is only known by the owner and not by external
observers. The owner has control over who it reveals the ownership of these
UTXOs to. Privacy is your ability to selectively reveal yourself to the
world, therefore the terminology of "private coins" naturally makes sense and
it's a useful differentiator from non-coinjoined coins.

> Since, the wallet assumes some coins as 'private' based on certain things
> it can be misleading for the user. Privacy depends on the things users want
> to share with others.

The wallet does not assume. The user assumes when selecting the anonymity
levels. The wallet works with the user's assumption of its threat model. If a
misleading claim can be made here then it's that the user misleads the wallet
(and her/himself) rather than the other way around.

> Privacy involved in using a change or not using it is debatable. Not using
> a change address makes it easier to understand who might be the recipient
> in a transaction whereas using a change address same as other outputs would
> be difficult to analyze for possible recipients.

Although I agree it's debatable, but for different reasons. I'd rather take
an issue of its usefulness instead. About the assumption that it's easier to
understand who might be the recipient, that's incorrect as the transaction
can easily be considered a self spend. In comparison to change generating
transactions, there the change and the recipient can most of the time be
established.

> Wasabi wallet does not have different types of addresses to use for a
> change however [Bitcoin Core][2] recently made some related improvement
> which would improve privacy.

Yup. Unfortunately this is a hack to make the wallet feel like a light wallet
as it greatly reduces the size of the client side filters we have. Although,
as the blockchain grows further optimizations are needed. So it's not very
helpful if Bitcoin Core gives us 10 GB of filters so we can use all the types
of addresses. We had a pull request to Core about creating custom filters,
but it was NACK-ed. In order to do this correctly and get merged into Core
we'd have to have a more comprehensive modification than our initial PR and
that we have no resources to allocate to yet.

> As far as issues are concerned, there are several things not fixed and
> shared in different GitHub issues or discussions. These include privacy,
> security and other things.

I greatly disagree with this assessment, in fact, quite the opposite. Take
for example the tremendous activity your pull request about an empty catch
block received: https://github.com/zkSNACKs/WalletWasabi/pull/6791
No sane project would allow their best developers to spend more than 5
minutes on this issue, yet 7 developers were discussing if leaving a single
empty catch block in the code could be a potential security risk in the
future and our resolution was actually contributing to NBitcoin to make sure
we aren't getting an exception for incorrect password, but rather a boolean
signal.

> As WW2 is not developed for power users (mentioned by developers working on
> Wasabi), I am not sure if bitcoin dev mailing list would be the best place
> to look for newbies.

I do agree that the bitcoin-dev mailing list is not where the target users of
Wasabi 2.0 are to be found, however Wasabi 2.0 is a great forward step of
Bitcoin development and developers could certainly benefit from knowing about
great innovations it comes with.

On Wed, Mar 9, 2022 at 5:27 PM Prayank via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Max,
>
> > Whenever the user wants to spend bitcoin to an address, the wallet
> > automatically selects those private coins with sufficient sats, coin
> > control is displayed to the user.
>
> 1. There are no 'private' coins. Every coin is public in Bitcoin.
>
> 2. Since, the wallet assumes some coins as 'private' based on certain
> things it can be misleading for the user. Privacy depends on the things
> users want to share with others.
>
> 3. There is no coin control in Wasabi Wallet 2.
>
> > However, when the private balance is insufficient to make the payment,
> > the user has the option to adjust the coin selection with the help of
> > the previously provided contact labels.
>
> User does not select coins because they are never shared with the user in
> the first place.
>
> [Selecting some labels][1] with misleading text 'who can see this
> transaction' does not look helpful.
>
> > Wasabi also suggests the user to slightly adjust the payment amount so
> > as to avoid the creation of a change utxo, decreasing fees and improving
> > future privacy.
>
> Privacy involved in using a change or not using it is debatable. Not using
> a change address makes it easier to understand who might be the recipient
> in a transaction whereas using a change address same as other outputs
> would be difficult to analyze for possible recipients.
>
> Wasabi wallet does not have different types of addresses to use for a
> change however [Bitcoin Core][2] recently made some related improvement
> which would improve privacy.
>
> > We kindly ask for your help testing the completely new UI/UX
>
> As WW2 is not developed for power users (mentioned by developers working
> on Wasabi), I am not sure if bitcoin dev mailing list would be the best
> place to look for newbies. As far as issues are concerned, there are
> several things not fixed and shared in different GitHub issues or
> discussions. These include privacy, security and other things.
>
> [1]: https://i.imgur.com/Gxjmhau.png
> [2]: https://github.com/bitcoin/bitcoin/pull/23789
>
> --
> Prayank
>
> A3B1 E430 2298 178F
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

--
Best,
Ádám
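
The cluster-level privacy control described in the reply above, as an added sketch (not part of the original message and not Wasabi's code): coins at or above a user-chosen anonymity target are spent without asking, and otherwise the user widens the pool by whole label clusters and sees which labels the spend is exposed to. The `Coin` fields, the identical-label-set clustering rule, the largest-first pick and the sample wallet are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Coin:
    name: str          # constructed identifier, not a real outpoint
    sats: int
    labels: frozenset  # contacts who know this coin belongs to the wallet
    anon_score: int    # assumed per-coin anonymity estimate after coinjoin

def label_clusters(coins, target):
    """Group coins below the anonymity target by label set.

    Simplifying assumption: coins with an identical label set form a cluster.
    """
    clusters = defaultdict(list)
    for c in coins:
        if c.anon_score < target:
            clusters[c.labels].append(c)
    return dict(clusters)

def pick_largest_first(pool, amount):
    """Return coins covering amount (largest first), or None if short."""
    picked, total = [], 0
    for c in sorted(pool, key=lambda c: c.sats, reverse=True):
        if total >= amount:
            break
        picked.append(c)
        total += c.sats
    return picked if total >= amount else None

def plan_spend(coins, amount, target, allowed=()):
    """Return (inputs, labels that learn about the spend).

    Private coins alone are used when they cover the amount. Otherwise the
    pool is widened only by clusters the user allowed, never coin by coin.
    """
    private = [c for c in coins if c.anon_score >= target]
    picked = pick_largest_first(private, amount)
    if picked is not None:
        return picked, frozenset()  # no labelled coin among the inputs
    clusters = label_clusters(coins, target)
    pool = list(private)
    for labels in allowed:
        pool += clusters.get(frozenset(labels), [])
    picked = pick_largest_first(pool, amount)
    if picked is None:
        raise ValueError("balance insufficient: allow more clusters")
    exposed = frozenset().union(
        *(c.labels for c in picked if c.anon_score < target))
    return picked, exposed

# Constructed sample wallet: two coinjoined coins and two label clusters.
COINS = [
    Coin("a", 50_000, frozenset(), 60),
    Coin("b", 30_000, frozenset(), 55),
    Coin("c", 200_000, frozenset({"Exchange"}), 1),
    Coin("d", 40_000, frozenset({"Exchange"}), 1),
    Coin("e", 90_000, frozenset({"Alice", "Bob"}), 1),
]
```

With this constructed wallet and a target of 50, a 70,000 sat payment is covered by the coinjoined coins alone, while a 150,000 sat payment raises until the caller allows at least one cluster.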