Is Bitcoin user culture going the wrong way? Or are these general cultural things? What should be the approach around avoiding KYC? What new features are coming to Samourai Wallet? Samourai Wallet joins me to discuss. 

Podcast Transcript:

Stephan Livera:

Samourai Wallet. Welcome back to the show.

Samourai Wallet:

Thank you for having me again. Is this a record? Am I the most frequented guest on the Livera podcast?

Stephan Livera:

You’d be up there. You’re definitely up there. This is, I think this is your fourth appearance. So I think there are some who there might be some who are up on five, but you’re definitely getting up there. So Samourai Wallet I’ve seen, you’ve been well, obviously there’s been a bit of back and forth on Twitter with some of the recent comments, firstly, in relation to the Wasabi disclosure aspect of it, and also some of your comments around Monero culture. And I wanted to jump into some of these discussions and play some of those discussions out for people. So maybe let’s just start with a little bit around what you see as, well do you see any cultural issues in terms of Bitcoin users today?

Samourai Wallet:

Yeah, yeah, absolutely. I mean, I’ve been talking about this since about 2015. In fact, it’s the whole reason why we started Samourai Wallet. We saw the beginnings of a cultural degradation of the space as more institutional money and more price driven actors into the space. When we had a huge price increase, had a big drive of retail investors and the ethos of the space was shifting as early as 2015. So we were warning about that then. And Samourai was a direct response to that, Samourai Wallet software. And I think it’s only exacerbated. It’s only gotten, it’s only gotten worse as far as I can tell in terms of cultural acceptance of, of things that even in 2015, wouldn’t have been acceptable, such as closed source software in Bitcoin, such as custodial solutions being praised, all that sort of stuff. That’s what I talk about.

Stephan Livera:

Let’s bring that to today then. So you’re saying today, essentially, you’re seeing this practice of custodial being seen as quote unquote, okay. And closed source software. Do you view that then as people are making tradeoffs to try and get further adoption and essentially that’s why you’re anti that because and perhaps this is an area where you might want to comment also, I’ve seen you comment on this in saying mass adoption is the poison pill. Why do you say that?

Samourai Wallet:

Well, that’s exactly why, you hit the nail on the head. If you, if you’re coming into this solely as a way to increase your bags. As I like to say as a way to, as an investment, then, then you have a different mindset and anything that threatens your investment becomes a problem to you and privacy, especially on the main chain to a lot of people, they believe that threatens their underlying investment in Bitcoin. And as such, you have, you see not a lack of desire to work on privacy features, which is just normal because it’s always a niche thing. It’s always required, but it’s always the, it’s a niche thing that people do to being outright hostile towards privacy on the main chain because it’s, you know, they believe it threatens their investment. So mass adoption is a poison pill because, Bitcoin’s nowhere near ready to deal with that type of thing. We should be years ahead in terms of privacy on protocol there before we can even start to think about mass adoption as far as I can tell.

Stephan Livera:

So you were mentioning there around privacy tools. Well, privacy on chain. I notice that yourself and some of the other Samourai Wallet guys, such as TDev, the CTO have been a little more skeptical of the idea of let’s say some of the more protocol level privacy enhancements coming. So for example, if we were to get taproot and then in future, we were to get the cross input signature aggregation, which would be a future soft fork. So in your view, are you skeptical that those things will come to Bitcoin?

Samourai Wallet:

I’m not skeptical that they’ll come to Bitcoin. I’m skeptical that they’ll come to Bitcoin in a way that maximizes privacy. So we’ve already seen that with the cross sig aggregation. Initially it was originally part of one spec, then it got broken out. We’ll do that later. And that’s the part that provides the privacy benefit. You know, so, I mean, you would have to ask TDev exactly what his thoughts are. Cause we are two different people contrary to what Twitter thinks we are completely separate people. I agree with the overall sentiment that we are not going to see protocol level privacy changes, anything that makes a real big impact on Bitcoin. I think that ship has sailed. The time for that was prior to the institutional money coming in, getting that on the protocol level before they got, it was kind of, kind of the essential key to the whole operation.

Samourai Wallet:

Otherwise Bitcoin basically runs the same risks as what happened to the internet which is total capture. And the internet is totally captured with the exception of the fringes who are running, you know, onion hidden servers on the dark net. But all intents and purposes, the internet as a decentralized network is completely captured and surveilled. And we saw the same possibility with Bitcoin. And the same, you know, we saw the same kind of thing, start to play out with the SegWit2X fork. And that’s why it was such an important movement and such an important point to get across that the chain can’t be, and the protocol can’t be captured so easily or, or shouldn’t be able to be captured so easily. And that users have the final say, that’s why that whole movement was such an important event.

Samourai Wallet:

And, and why it was so bullish. It was because it showed that, okay, the same type of capture event that happened with the worldwide web is still possible in Bitcoin, but it’s not going to be as easy. And here’s our first, first show of force. Now the opponent wasn’t very sophisticated and the opponent wasn’t very organized and you know, they made it kind of easy for them to lose. If we had a much more sophisticated opponent, a nation state, for example, would that still be the case? And, and would that still, would that be the case in 2020 versus whenever the 2X fork was, which was what 2018 or something. So those are all questions I think that are worth considering as mass adoption grows. I think the likelihood of that type of event succeeding increases.

Stephan Livera:

I’m somewhere in the middle here, right? Like I obviously I want tools like Samourai Wallet and privacy tools to exist, but I think I’m also of the view that most people coming into Bitcoin, maybe we could think of it this way, the amount of Number Go Up demand versus the amount of privacy demand. And I think what we’re going to see over time, or even now and over the next few years is we’re going to see just vastly more number go up demand than privacy demand for Bitcoin. And so it becomes difficult then because it’s like, it’s not that people don’t want privacy. It’s just that’s not their priority if you will. What do you think?

Samourai Wallet:

Yeah, I think you’re absolutely right. There’s no disagreement. People don’t want privacy until they need privacy and then they’ll go seek it out. And it might be too late for them in some cases because of their cavalier attitude towards it in the past. You know when I criticized the culture of bitcoin, it’s not necessarily just a Bitcoin culture, cultural problem, so wider cultural problems. So the problem with KYC is not a Bitcoin problem. That is a, that’s a global problem around the world. You know you have global task force set up across all the major economies that share data with each other and people are just completely fine with handing over information. And this is a relatively new innovation in the world. And in the last 25 years has been completely normalized.

Samourai Wallet:

Now, when we criticize Bitcoin because of Bitcoiners for submitting to KYC in order to acquire Bitcoin, it’s not that we’re trying to shame them. We’re just trying to explain to them that they don’t really understand the implications of what they’re doing here. Bitcoin is a, it’s a subversive technology. It really is. And it can things can shift very, very quickly as we’ve seen in the first half of 2020, things can change very rapidly. And you could go from, from doing something completely legal, which is acquiring a Bitcoin stacking sats, et cetera, et cetera. And that could go to illegal very quickly. And your tax authority or your government, or your, whoever could ask you, or could target you very easily because you’re a wreck you’ve submitted your name, identity, where to find you, your government issued ID sometimes your passport and a biometric photo in a lot of cases.

Samourai Wallet:

So you’ve handed all this over willingly and yeah, I think it’s, I mean, I think the KYC issue in Bitcoin is a bigger issue because of the nature of the technology. And I think that users coming in solely to, as an investment for a number go up, have a different kind of incentive set. And they don’t, they probably don’t care about all that sort of thing, but they might very, very soon depending on the shifting attitudes of this thing. And I don’t think anything is a sure bet really, in terms of the way governments perceive this and accept this.

Stephan Livera:

Of course. So it may come to that in terms of how private a person is when they first acquired Bitcoins. Obviously nowadays it’s quite difficult to have only non KYC coins, although it is still possible. If you let’s say,

Samourai Wallet:

Well Bisq is now being used more and more frequently, and that’s a decentralized exchange. So the volumes on there are growing rapidly and there’s no KYC requirement. So if you want to do, if you want non KYC, Bitcoin is completely easy, not easy, but it’s completely reasonable to do. You just have to do a little bit of extra work.

Stephan Livera:

Yeah. With that point of view as well. I think it’s also worth or talking about kind of realistically what happens also, right. So I’ll give you a quick example, right? So again, my intention here is not to like to FUD non KYC trading. I want people to be able to do that. But here in Australia, there was a case where I think it was like a 53 year old lady in a suburb in Sydney where essentially the police came after her for doing non KYC, Bitcoin trading, basically. And now they were saying, okay, you’re operating an illegal virtual currency exchange without doing the KYC, et cetera. And that, to me, it looks like it was probably an example. Again, I’m speculating a little bit because I don’t know all the details, but it, a probable or likely scenario there is that lady was probably running a lot of volume through her bank account, the bank, as in fiat volume, because obviously, you know, buying and selling.

Stephan Livera:

And then with a lot of those transaction monitoring rules in the bank that probably flagged it up to the Australian federal police or some other law enforcement agency like that. And then they probably ran a sting and then they caught her and went to her house and probably raided her hard drives and all of that. And so to me, it’s sort of like, I want people to be able to have these non-KYC ways of interacting with Bitcoin, but it seems to me like somewhere at some point, unless you’re staying under certain thresholds, it may not be feasible for a big proportion of people to be able to do that. But what do you think?

Samourai Wallet:

Well, I don’t know the details of that case. I know that in Australia they’ll, the police will come harass you for not wearing a mask and for having a party in your own backyard. So, you know, I don’t, I don’t know that they’re the best example of a reasonable state. I mean, I don’t know what exactly the question you’re asking me government makes it hard to acquire Bitcoin, so therefore you should submit to the way the government wants you to acquire Bitcoin. Like, well, so what’s the point? To me, you know, like I don’t get it. I don’t understand what the point of buying Bitcoin is. If you have to give up so much information to acquire it, I certainly wouldn’t do that. I don’t see the appeal to that at all. I think if you, you should be acquiring Bitcoin in a way that doesn’t expose you and you shouldn’t break any laws to do that.

Samourai Wallet:

And as far as I know, there are no laws saying that you have to buy Bitcoin from a certain type of exchange whether that be in Australia or in the US now in the US what they that type of story I’ve heard for years. And that’s been, this has been going on for years in the US what they have to do is they have to get the, the person who is involved in what they claim is an unlicensed money transmitting business to essentially admit to knowledge of the source of funds being illegal. So they’ll set up a sting operation with the local Bitcoin trader, for example. And then they’ll say something like, Oh yeah, I got these from hacked bank accounts. Or I got these from illicit drug purchases. And as soon as the trade is made with the knowledge that these came from allegedly illicit means he’s committed a crime and now you can be arrested.

Samourai Wallet:

And that’s how they get them in the US and they’ve been doing that since like 2012. In Australia. I don’t know the details of the law there you know but I’m not entirely surprised. Again, there’s more of us than there are of them. They are making an example in all these cases and I believe that people should resist and should, should not, sacrifice their personally identifiable information to unknown third parties just to be able to get in on what may be a good investment for them. That I don’t understand.

Stephan Livera:

I see another common view out there might be something like, well, yeah, of course I might be able to try and buy some in a non KYC way or earn in a non KYC way, but they wouldn’t be able to earn as much or buy as much if they had to do it all non KYC. So I guess in your view then, is it that essentially you think it’s worth paying the premium or having less of a stack to get non KYC? Or how would you frame that? Or how would you think about that?

Samourai Wallet:

Yeah, I mean, I think that there’s always going to be a privacy premium. There always is with stuff. You pay, you know, you pay more for privacy premium and you have to be okay with that. So, and again, it comes down to what I said earlier, where you don’t know you need privacy until you need it, and when you need it, you’re willing to pay the premium. It doesn’t matter to you. It’s just whether that’s gonna be too late. Like, so for instance, we get a lot of users who truly believe that by mixing their coins, they’re erasing their KYC record, like that somehow mixing their Bitcoin after they’ve submitted KYC to an exchange, breaks that trail of KYC. And it doesn’t. And we have to explain this to users. So there’s a big misconception of what’s happening, the privacy of Bitcoin, where we get people who are thinking they’re buying from Cash App, they’re stacking sats, and then sending to their Samourai Wallet, then mixing it and then saying, they’re going to go on the dark web with it. They’re crazy.

Stephan Livera:

I guess then it also comes to what sort of culture and what you’re looking to do with those coins. And I guess, yeah, bringing it back to what we were saying around how much number go up demand is there versus privacy demand in my mind that also brings in this point of whether over time privacy gets priced out on chain, relative to all the people who want to stack or do something else with it. But how are you thinking that kind of idea of if fees were too, like a lot of people were to come into Bitcoin and would that basically make doing CoinJoin more expensive? Or how you thinking about that?

Samourai Wallet:

Definitely, it would definitely make CoinJoins doing CoinJoins more expensive. We’ve, I mean, we’ve been hearing this for a long time, right? We’ve been hearing about how all these users are gonna make fees go up. And privacy is going to be priced off chain. So we have to go second layers, et cetera et cetera. Well we haven’t seen it yet, right? Like the closest we got was Roger Ver’s spam attack between 2017 and 2018. And that’s when there was huge mempool congestion and the beginnings of a fee market starting to emerge. But it was all based on, on spam and wise. And since then, you know, while the mempool has been pretty much empty we get, so we get small spikes every, every now and then, and we’ve had the last couple of weeks, there has been a sustained small kind of low level non 1 Sat kind of fee rate for a while.

Samourai Wallet:

I don’t think it’s a huge concern for us right now. Right now, our CoinJoins are relatively small in size. We have five participants in a CoinJoin and the way that the CoinJoin is structured or the transaction is structured, we have between two and three free riders in there who aren’t paying a miner fee. So the miner fee is paid by two or three pre-mixers. And if we were to increase the size of the CoinJoin to 10, that means the miner fee would be paid by between more people. So it would actually go the cost of a CoinJoin would go down. So I think time is on our side. We can deal with higher fees on, on chain. That’s not really that big of a deal. And I think that, I think that while privacy isn’t gonna be focus of core developers on the protocol layer. I think that they, that they do have a focus on transaction efficiency, UTXO efficiency. And I think we still will see innovations on the transaction side and keeping sizes down and keeping costs down. So I’m not, it’s not something that we’re actively worried about. It’s obviously an identified threat if things get out of control, but it’s not, you know, not high on our list of worries.

Stephan Livera:

I guess it could be seen, like that’s a bit of a longer term consideration and not one that’s so important in the short to medium term. And it could also be that your customers the Samourai Wallet users are the ones who are willing to pay that premium.

Samourai Wallet:

Yeah, for sure. I mean, we want to keep, we want to keep things reasonable for them, right? We don’t want them paying enormous miner fees just to mix because the privacy premium at a certain point, you know, you won’t stomach it anymore. It will just be too expensive and you’ll look for other tools and solutions to achieve the same goal. So I think that it’s a long term, not even really a long term threat, it’s just a long term consideration to keep in mind to keep an eye on. I’m not, not worried about it in the short to medium term. And I think that there’ll be plenty of technological innovation, both on the protocol level and within our application level and our application stack, where we’ll be able to keep up with things and make sure that users are paying the least amount of miner fees that they have to pay and the least amount of coordinator fees that they have to pay. Which I mean already, we do a good job at it. And I think both on miner fees and coordinator fees we try to keep things. We try to keep an eye on things.

Stephan Livera:

Yep. And actually, while we’re here, it might be a good point as well. I think this is a common confusion when people are looking at CoinJoin is they look at the fee and they think, Oh, it’s 5% of whatever amount I’m putting in. Can you just clarify for listeners who are maybe not so familiar with the Samourai Whirlpool model, what sort of fees can they expect to pay?

Samourai Wallet:

Yeah, sure. So it’s actually a flat fee model in Whirlpool. 5% is kind of a misnomer. It’s 5% of the denomination of the pool you choose. So we have three pools. We have the 0.01 BTC pool. We have the 0.05 BTC pool, and we have the 0.5 BTC pool. You can choose to put any of your UTXOs in any one of those pools. And the fee that you pay is just based on which pool size, which pool you choose, regardless of what amount you put in. So you can mix a 1000 BTC in the 0.5 pool for the same price as mixing 1 BTC in the 0.5 pool. It doesn’t make any difference at all.

Stephan Livera:

In terms of your users. As I recall from our recent our most recent episode, you were talking about how, in some sense, you’re designing the wallet for yourself and the users are coming along for the ride with you. But it, to some extent as well, I guess your software has a kind of target user in mind that, you know, they may be a dark net market user. Do you have any thoughts to share there in terms of who is like a typical profile, who are the typical kinds of Samourai wallet users?

Samourai Wallet:

Well, it’s kinda hard to say, cause we don’t really know, our users the only one new users we know are the ones that, that make themselves known to us in our Telegram rooms or on Twitter and stuff like that. And it’s such a wide ranging gambit that you know I found one, one family that uses Samourai Wallet, then two daughters between like 10 and 12 that use Samourai Wallet, a grandparent. We have very low, low technical users and very high technical users. We haven’t targeted the wallet to a specific type of user. What we’ve tried to do is create a tool set within the wallet that would be attractive to Bitcoin users in general, and Bitcoin users who interact with Bitcoin, not just Bitcoin as an investment where they pop it on a hardware wallet and leave it there.

Samourai Wallet:

That’s people who are interacting with the token, either spending it, transferring it whirlpooling it, doing something with it, the tools that are in the wallet are essentially built from our experiences and out of necessity. And it’s because they fill that same kind of need for the whole wide ranging group of people. I think that the people that ended up the users that ended up using Samourai regularly, they just require whether it be, they just require, they want control of their UTXOs and they want control of their coins. And Samourai Wallet provides them an extraordinary amount of control of their coins for, especially for a mobile wallet. It provides them a lot more control than many desktop wallets do, let alone other mobile wallets. So I don’t think it’s an experience level thing, and I don’t think it’s a type of like hackerman type of thing or dark net type of thing. I think it’s just generally anyone who’s interacted and used the Bitcoin token for any, any amount of time. Will always have something that says, man, I wish my wallet could do X, Y, Z. And it’s very likely that Samourai Wallet can do that.

Stephan Livera:

Right. And yeah, I think Samourai Wallet, it does in my view offer the best privacy available within Bitcoin today. I think one thing that I’ve noticed as well from online discussion, and I think this can be a bit difficult for people because if they’re following online discussion, it can seem like, Oh, there’s all this fighting going on. And I might just ignore and just not even try to use any CoinJoin wallets and privacy wallets, because it’s just too confusing for them. Do you have any thoughts for listeners out there who are trying to make heads and tails of this?

Samourai Wallet:

Well, I think that if you don’t understand what you’re doing, then you should probably not use a feature, right? Like you shouldn’t just use a feature because your friends and everyone, you know, your influencers and whatever, tell you to use it, you should use it because you need it and you should use it because you should use it when you understand what it’s doing. So we try to explain to users and we try to explain to people what our tools do. And what the actual outcomes of using the tool will be. We take great pains to explain these things to people. It would be a lot easier just to kind of say, yes, you get privacy as opposed to, yes, you’ve got privacy, but you need to be aware of XYZ. And if you do this and this you’re gonna undo what you’ve done. Right. So that education gap is it’s kind of something hard to overcome.

Stephan Livera:

To that point you were making there. Do you think that contributes to when people say things like a Bitcoin is not private because they saw some examples where someone was doing something the wrong way and that gives people the wrong impression that you can’t be private using Bitcoin when really they just don’t know the right way to go about that?

Samourai Wallet:

Yeah. I think there’s a lot of that. I think that, I mean, that’s a misnomer that Bitcoin is private. It’s pseudonymous. You know, because it is a public ledger. The idea always was that there was no personal identifiable information attached to your UTXO, which is not the case anymore for a large number of UTXO, as we were just discussing with the KYC problem. But as a system, it was always assumed that it was gonna be a pseudonymous system. So getting users to understand that, getting to understand that privacy on Bitcoin is a game of breaking heuristics and breaking links and disrupting the movement of UTXOs, the flow of UTXO. I think, I think that’s, you know, getting users understand that is one of the major challenges. And then the second thing is when there’s deeply flawed implementations of CoinJoin out there that are receiving hype and praise by influencers and people alike it creates a problem for the technology as a whole because it’s assumed that all of the technology is flawed because of the one flawed implementation. I think that’s the bigger issue right now within the CoinJoin space.

Stephan Livera:

So essentially it’s like the well is being poisoned by certain instances of implementations of the idea. And that may colour people’s perception to make them believe that it’s not possible, et cetera.

Samourai Wallet:

Yeah. Yeah. I mean we’re seeing that already. So the narrative is CoinJoin is flawed, and CoinJoin is broken. CoinJoin gets your account flagged, et cetera, et cetera. None of this is true at all. A flawed CoinJoin implementation is flawed. A flawed CoinJoin implementation is broken and a flawed CoinJoin implementation is resulting in people’s exchange accounts getting closed. But that doesn’t have anything to do with CoinJoin. It has to do with a flawed implementation of CoinJoin which is, you know, which is why we’ve been vocal about this thing, why we’ve been looking at not just Wasabi, but what JoinMarket and even ChipMixer, the custodial mixer, because these are all in the realm of what we’re doing and what we’re trying and the technology we’re trying to get users to use and normalize. And you know, we want, we would rather not have to not have to fight against internal actors who are, who are, you know, harming, as far as we see it harming the space. It’d be better to focus on hardening this space for external attacks.

Stephan Livera:

I think there’s also been some discussion around, you know, shitcoining and people are talking about like [inaudible] and I think some of this is kind of like, there’s a bit of trollish mentioning of things like Monero and things like that. Although as you’ve said, the wallet is Bitcoin only I what’s spurring the discussion around the Monero or the Monero culture, as opposed to just talking about Bitcoin privacy?

Samourai Wallet:

I guess I don’t, I don’t really understand the question entirely. My tweet about Monero, my tweet, when I mentioned Monero wasn’t talking or praising Monero culture, it was criticizing Bitcoin culture that was talking to Bitcoin users. My audience is Bitcoin users. I’m a Bitcoin user, you know I don’t really know what else, you know, the whole accusations of shitcoinery or whatever I think are so absurd. It doesn’t even really warrant a response. My work speaks for itself. I mean, for God’s sake.

Stephan Livera:

Of course, of course. Look, I think I understand where you’re coming from. As I read you, it was sort of like, we are essentially not happy with the way culture is going in Bitcoin. But I think what spurred some of that discussion was when you said, I can’t remember the exact wording, so correct me if I’m wrong, but I think you said something like XMR is closer to our hearts or something like that.

Samourai Wallet:

Yeah.

Stephan Livera:

And that was probably what spurred the discussion. Right?

Samourai Wallet:

Well, that’s what triggered people. It was the use of XMR and the fact that hit close to home, you know, custodial cucks and sat stackers and whatever else I said in that tweet, it was designed to trigger, yeah, you should be offended. And if you’re offended by that, you’re probably one of the people I was targeting and talking about there was nothing really that controversial, you know it was a tweet against closed source software. It was a tweet against voluntarily KYCing yourself. It was a tweet against just mindless hopium shilling. And, you know, like these are pretty basic things. It doesn’t seem that radical. The shitcoinery anything I think is just a new way to attack, you know, it’s like, Oh you can disregard what this person is saying, because they’re a shitcoiner.

Samourai Wallet:

It’s a really, it’s like kind of an SJW tactic. And you know, I’ve never, I’ve never been partial to those types of things. And in fact, I’ll call it out and I’ve never been shy about, about calling shit out. So I’m not gonna stop now. So, you know, I don’t mind being called a shitcoiner. If that’s what it is as for Monero look, the whole point is when something is one, it’s a small community and they haven’t had the pressures that Bitcoin has had, right. They haven’t had a huge, huge retail movement into their space. They haven’t had a huge push of institutional money into their space. A lot of exchanges haven’t even added them to their offering, right? Like it’s a very insular and small community. And because of that, they’ve been able to retain the same kind of culture that was present in Bitcoin. That’s all I meant.

Stephan Livera:

Sure. And it’s probably also fair to say that as, you know, everything gets bigger, it’s just becomes harder to maintain that. And perhaps some of this also comes into this whole concept of eternal September, right. Or just you know, at the start it’s kind of the geeks and the fanatics, and then later it’s the mops and the sociopaths who turn up, right?

Samourai Wallet:

Yeah, yeah, yeah, exactly. I mean, this is, again, this isn’t a Bitcoin thing. This is a, any, any sort of subculture, any sort of group, anything. I was just talking to the Monero guys on one of their podcasts. I think it was a Monero space just recently. And I was talking about, you know, we see this happen in IRC channels all the time. Anyone who was around for IRC could watch the evolution of an IRC channel you know, evolve and then devolve. And we’re just seeing, we’re just seeing that on a very massive scale. So it’s definitely something that was foreseen and expected the debate is, was more really about, and the anger and discontent is more about, were we ready for it? We knew it was gonna happen, but we did. And we were preparing for it, but did we prepare enough?

Samourai Wallet:

And is the protocol, is the protocol happy? Are we happy where the protocol is because it’s not really going to be changing much from this point on, right. And you start to get into that ossification stage of a protocol which is a good thing, but is it too early, et cetera, all of these questions come up as a result of the, the adoption push and it’s still and keep in mind, man, this is still, that was a small adoption push overall right. Like this is still a very niche thing globally. We haven’t seen a real big retail push into Bitcoin or crypto at all. So when that happens, we’re still gonna have a lot to deal with. And again, I think we’re less ready now than we were in 2018.

Stephan Livera:

Also we have many users who might be using Samourai Wallet to send to an exchange. It might be useful now to talk about exchange flagging. So this has been occurring in relation to, from my understanding, it has not occurred for Samourai Wallet or JoinMarket. It has only occurred in relation to Wasabi sends into an exchange, or even in some cases, withdrawal from an exchange. So I guess some of this comes down to, again the proximity versus footprint stuff we were mentioning earlier, I guess, to your knowledge as well, currently, so far, it is still that same case, correct?

Samourai Wallet:

That is correct. We’ve had no reports of account closures for Samourai Wallet users. We also test a variety of the biggest exchanges. We just sent directly from postmix into the exchange account to see if there’s any issues or if anything gets flagged. There’s been no issues. Nothing’s got flagged on our own tests. I’m very confident that exchanges are not flagging CoinJoin transactions. There’s no need to, what they’re looking for is proximity to illicit activity or blacklisted addresses, because that’s what they have to be looking for. If there’s proximity to an address that they don’t like the look of, or that they are told not to like the look of, they’ll shut down your account, or they’ll freeze your account. By its nature, a CoinJoin should not leave any proximity to anything.

Samourai Wallet:

Everything that comes out of a CoinJoin should be zero proximity, zero links, freshly minted, so to speak. And that’s true of Whirlpool and that’s true of JoinMarket, for the most part that’s true. It’s not true of Wasabi. And for a very, very long time, they had a static fee address that polluted every single mix that occurred with that static fee address, because blacklisted addresses were paying that fee address. And that fee address was a part of every single mix. Secondly, unmixed change is a part of every mix of Wasabi and on exchange can be linked directly to a blacklisted address or blacklisted transaction and your mixed UTXO, Wasabi mixed UTXO, is in the same exact transaction as a blacklisted address or a blacklisted change address.

Samourai Wallet:

So, I mean, it was obvious this was going to happen. We tried to warn people that this was gonna happen. We tried desperately and then it started happening and it started happening over and over again, and totally innocent users who had absolutely zero links to criminality, who have absolutely zero links to anything wrong, had their stuff shut down not because they use CoinJoin, because they were sharing a transaction with a blacklisted address. Now, I don’t agree with blacklisted addresses at all. I think the whole notion is revolting, but it is the case and exchanges are looking for them. So you have to build a tool that doesn’t, you know, you know, I called it ‘taint as a service’ Wasabi, because you were literally paying to get your UTXO tainted.

Stephan Livera:

Yeah. And so with the exchanges, I think, and listeners, you probably, if you are a regular listener, you probably remember from my discussions with Rafael Yakobi, he was explaining as well. Essentially the way he’s explained it is kind of using that saying they pretend to work and we pretend to pay them. And so I guess from an exchange point of view, some for some of them, they feel like they have to do this minimum level. And so long as they are in, from their perspective, flagging, incoming Bitcoins that had any association with a blacklisted address, or let’s say the OFAC sanctions list or things like that, they, they can’t. So basically you can’t rub it in their face that you

Samourai Wallet:

They’re ticking boxes, right? Yeah. You know they’re ticking their boxes. They’re in compliance, right. As long as their legal team is happy they’re in compliance. And that’s what, that’s what the Chainalysis people are selling them. They’re selling them compliance. They’re saying, look, you don’t have to worry about it. We’ll do it for you. And we’ll provide you a compliant report. We know we’re compliant. And you can be too. And all you have to do is pay us whatever, 8K a month or whatever it costs to, to join up with Chainalysis. And they’ll, they’ll do that. Oh, condition being, you’ve got to share your data with us, you know, customer data, that happens. They’ll never say it cause they’re under NDA, but, seen the contract. So, you know, the exchange just wants to make money, right? The exchange wants users and the exchange wants the least amount of friction possible, because the least amount of friction means more money. They have to be compliant. So they’ll, they’ll go with whatever compliant solution that they can that’s easiest for them to implement and doesn’t result in them losing too much money to lost users.

Stephan Livera:

Also touching on the earlier point around Wasabi, probably also a good point here just to discuss around the recent disclosure there. So I guess from your perspective, you’ve identified this well, there were two crucial points and you’ve disclosed them to Wasabi, the team. Or maybe if you could just give a, maybe just a high level of what, what, what were the two key points just for listeners who might not have read through that report?

Samourai Wallet:

Yeah, sure. So we were always looking at other CoinJoin implementations, whether it’s Wasabi or JoinMarket specifically, we’re always looking at these things. What we’re specifically looking for is on chain privacy stuff, right. We want to see how transactions are composed and whether we can figure out the links mathematically and whether we can break through them. And if so how can we, you know, how can users, what steps can you just take and wallet developers take to prevent this from happening, right. That’s the kind of the whole point of OXT Research. In preparing a report for the upcoming OXT Research report on the Twitter hack, we stumbled across a different type of issue in Wasabi related to its code base, not towards its on chain footprint.

Samourai Wallet:

So this is a completely different type of thing. And what we found was that the way that the client selects coins to be queued automatically, this has nothing to do with what the user does, the user enqueues some UTXO. And then the client takes over from there on how it gets selected, in which UTXO to move and register for which mix, that all happens behind the scenes. Now in that process behind the scenes, that should be a random process. There should be randomness introduced into that process, but there isn’t at all, it’s a completely deterministic process. So what this, what ends up happening is if your attacker or your observer knows the state of your Wasabi wallet UTXO list, or at least partial the state of that UTXO list, they can determine which mixes you’re gonna be a part of and which outputs you’re going to be a part of as well.

Samourai Wallet:

So effectively there is no benefit to remixing in Wasabi because your mix is always as good as, your anonset is always as good as the [inaudible] of your last mix. So if you’ve got a, let’s say quote unquote 50 anonset on your first mix and a 30 anonset on your second mix, your first mix is invalidated. And your second mix is the one that, that remains because there’s no randomness introduced and your attacker can determine exactly which, which UTXOs are used in each mix. This is obviously a huge problem. This isn’t something that we would publicly disclose cause we considered this something that could easily be fixed by the Wasabi team and should easily be fixed. And we really didn’t think it was gonna be a controversial thing. Randomness is something that you want in a, in a CoinJoin implementation.

Samourai Wallet:

You don’t want it really anything deterministic at all. So we reached out to them privately about that. We made a couple of conditions because we’ve interacted with this team before. We’re not on the best of terms. And we know they have a history of sweeping stuff under the rug. So we added a condition to our disclosure to say, look, if you don’t fix it in 48 hours then you have to tell users that there’s, there’s been something found and they should, they should mitigate and provide the users a way to mitigate against it, whether that be don’t remix or whatever, or manually stop mixing, and then restart mixing to add some randomness or whatever you want to tell users to do. You should tell them something, if it can’t be fixed in 48 hours. Instead of trying to fix it, or instead of even responding to us, they said that we were blackmailing them and then nopara released the full disclosure on Pastebin on Reddit. After he did that, we just said, okay, we’ll write up our, you know, our report on it. That’s a little bit, hopefully a little bit more digestible for average readers. Because what we sent to, what we sent to them was really for, you know, the developer of privacy tools to the developer of privacy tools. It wasn’t trying to explain things to the average reader, you know?

Stephan Livera:

Yup. And so, as I saw some of the discussion, people were saying things like, Oh, well, some of this could be mitigated by user actions. So for example, they could manually only queue some UTXOs at a time. And I guess the other one also probably the, one of the other pieces of feedback that I was seeing with people, people were saying, okay, but how likely is it that some outside observer would know the state of your wallet and your UTXOs. In what sort of circumstances would you say that’s not true? Would you say perhaps that if let’s say Chainalysis or one of these companies is working with an exchange, the user has KYC, but that exchange, if there is information sharing, how feasible would you say that is?

Samourai Wallet:

Very feasible. So, but just first to answer the first, the first response. So we waited and got all the, so first the creators of Wasabi wallet never responded officially to us. And I’ve never really acknowledged that this even is a problem or, or exists, or if they have acknowledged it they’ve said that it can be, it does exist, but it can be fixed with user added randomness. So it either exists or it doesn’t exist. So if user has to add random randomness and it exists, right? If the issue can be solved, quote unquote, with best practices enforced by users, that’s just not a satisfactory solution, that’s not, that’s not good for users or for coordinator as a service. The coordinator should be enforcing best practices wherever it can.

Samourai Wallet:

And shouldn’t be relying on users to add randomness cause, one, users are not computers and they’re bad at randomness. So it’s, that’s just absolutely ridiculous. Now the second point is actually more valid, right? So what is the probability or what’s the possibility of someone knowing the state of your wallet? Well, in the default way that Wasabi works, and the way that it is suggested to be used by the developers and the community, it’s very likely, it’s very, very likely that users of exchanges, that where they are KYC’ed and have data sharing agreements with Chainalysis, and that’s shared across the spectrum between other exchanges, send the UTXO from exchange directly into Wasabi wallet, and then enqueue that UTXO, and start mixing, well, the exchange and by extension Chainalysis know the contents of your wallet. They know that UTXO belongs to you and that went into a Wasabi. And as soon as you enter into a mix, if they were deploying this attack, they would be able to easily, easily watch what you’re doing, where that UTXO goes in each mix transaction. And the more you remix, it doesn’t matter at all.

Samourai Wallet:

To me, that’s, what’s the point of mixing if your adversary can watch right through to the other side, what’s the point? You know, what’s the point of mixing, if there’s all these conditions attached to it to say, yeah, I wouldn’t use it for, I mean, there was the developer of Wasabi wallet, but one of the developers of Wasabi wallet was on a podcast, just, just yesterday or the day before admitting that he wouldn’t use it for anything like the dark net market or anything like that. Well, if they can’t use it, what the hell is the point? You know, it’s not like we’re advertising for these people to use our CoinJoins or stuff like that. But wouldn’t those people need it, wouldn’t they use it, if they can’t use it, you know, is it really even worthwhile, right? Like if encryption only works for, like email encryption only works for the good guys, quote unquote, what’s the point, right? It has to work for everyone.

Stephan Livera:

Yeah. I think that’s quite a powerful, and I think it’s, to me, it seems, it all seems just very similar to a person’s views on say gun control, right? Like if you view guns as a check against government well then, you know, it needs to be available to a reasonable, like everyone, like it, can’t just be only for the government, let’s say. And I think in a similar way, the use of Bitcoin and ideally the use of Bitcoin in a private manner, if the person chooses to then it needs to be available for them. So I guess, I mean, that’s how I see it.

Samourai Wallet:

Well, I mean, if we want it to be any, any form of good money, then yeah, it has to be right now. My take is that the number go up, guys, the investment thesis for the investors is that Bitcoin has the possibility of being the best and hardest money. Right?

Stephan Livera:

Sure.

Samourai Wallet:

Well, no, it doesn’t if it’s not fungible and fungibility comes with a lot of, a lot of nasty actors lurking on the sidelines, you know, they like with cash, right. It has to be fungible. If it’s not, then it’s not good money. So I think there’s an intersection between the, you know, the investment thesis as good money and the privacy people, because we want the same thing in terms of fungibility. And if it’s not, if it can’t be used by the dregs of society and the most hated and most reviled people with the most awful views, if it can’t be used by them, if they can’t transact privately and freely, then what hope do you have of transacting privately and freely?

Stephan Livera:

Yeah. Right. And I guess the only thing to me that seems a little difficult with that is it, I wonder how feasible it is for large wallets or large, you know basically any large wallet to use some of these CoinJoin features and especially the on chain fees required for that kind of thing. Where, I guess to me, it seems like if you want to be private at smaller amounts of money, it’s easier to do that right now.

Samourai Wallet:

Well, I don’t know. It depends, it really, really comes down to the source. Once, once you’ve sourced Bitcoin, it’s relatively easy to attain forward looking privacy with the tool set of Whirlpool and post tools like STONEWALLs and stowaways, et cetera, and upcoming stuff, even the amount is, is not really the amount of Bitcoin doesn’t really play into it. It doesn’t really matter. It’s really about the backward looking privacy. How did you source that large amount? Did you know, if you KYC yourself to get it, et cetera, et cetera, and, what third parties know about that, you know, and a lot more than you think.

Stephan Livera:

Yeah, I see, okay. Let’s put it this way. Whirlpool volumes are growing and that’s a good thing. I’m excited to see that. But I suppose if you tried to move into Whirlpool right now with a huge stash, you wouldn’t be able to, because it kind of, it depends on there being enough people who are also trying to move through the mixer, correct?

Samourai Wallet:

Right, right. So, so we, we definitely impose a lot of restrictions. So for example, if you had a single, let’s say like a single 500 BTC UTXO we’ve seen this, we’ve seen 500 BTC UTXOs come into Whirlpool. It’s not that rare you have a big 500 BTC. You go into the 0.5 pool. You’re. You’re basically, yeah. You’re going to be waiting around for a while because you’re that whale, right? Like we know you’ve come in on one UTXO and each one of those 0.5 UTXOs need to be queued up and mixed separately from each other. We do not allow me UTXO to be mixed together that have been seen together before. So, so that’s a self-imposed rule that improves the quality of the mix on chain. So yeah, you’re going to be waiting a little bit.

Samourai Wallet:

That being said, the, the amount of time you will be waiting has been, what would have been three months ago, you’d been waiting a month. Now might be a couple of weeks, right? Like, so it’s growing every month. And the available liquidity unspent within the pool is growing every month as well, which shows that the pool is very healthy, that people are remixing and by people remixing, the anonymity set for everyone is increasing in the pool. So, you know, there’s trade offs. It’s not going to be extremely fast if you’re coming in with a huge amount of Bitcoin. But if you’re coming in with a, you know, between whatever the smallest amount is, a 0.01, which is what, like over a hundred dollars or something, if you’re coming in with between a hundred dollars and I don’t know, hundred thousand dollars, you’re going to mix pretty quick. You know, you’re not going to be waiting around that long.

Stephan Livera:

Yeah, that’s good to see. And I think hopefully over time we see that build further and further. And I guess if a person is looking at, you know, looking on the blockchain and so on I think this is one point and we, I think we touched on this last time we were chatting is that it’s like, there’s this Samourai cluster. If you will, that as people come into it, they sort of become a part of a Samourai cluster and it then becomes a bit harder to sort of analyze inside of that. And so I guess, is it the case then that some of the chain surveillance companies, essentially, they sort of see the Samourai cluster and just kind of leave it alone, as long as it doesn’t touch any of their blacklisted addresses? Is that the way you’re thinking about it?

Samourai Wallet:

Well, yeah, that’s right. So we already know that for at least one of the chain analysis companies, when they encounter the Samourai cluster, it’s not that they blacklist it or ignore or void it. They just basically know that they can’t make any reasonable assumptions with it. Right. So if you’re making a payment to an exchange, for example, and it’s coming from the Samourai cluster quote unquote, which maybe it came out of a STONEWALLx2 or a cahoots or something like that, you don’t as an exchange or as not the exchange, but as the chain [inaudible], the analyst who, who, or software algorithm that’s analyzing that, you know, that whatever you think is probably not right. And it’s, as long as it doesn’t hit those tick boxes of proximity to something blacklisted or some other thing, then it’s better to just put a question mark next to it and move on, because it’s just an unknown, there’s too many unknown variables in the mix, so to speak. And when, you know, 70 to 80, probably even more like 90% of the transactions out there are deterministic and can easily be linked together. It makes more sense to focus on what can be linked with a hundred percent probability or 90% probability or 70% probability, whatever, as opposed to, you know, the wildly varying probabilities of the Samourai cluster.

Stephan Livera:

I see. Yeah. And also some of this turns on the idea that some of the CoinJoin tools are there to actually try and break these heuristics. And so the idea is that the more these tools are used, the less reliable that heuristic is over time. So obviously it’ll take time for that to build up. And for that to really become a factor.

Stephan Livera:

But for example, if a lot of people are using STONEWALL or STONEWALLx2, then it becomes a lot harder for a chain surveillance analyst to try and understand exactly what’s going on when they look at a specific transaction. But I suppose one criticism there might be something like, well fine, but what’s the actual volume of Samourai users and how many of them are using these collaborative methods. And I suppose this is probably a good point to bring up Soroban. So can you tell us a little bit about that? What is it and how does that help?

Samourai Wallet:

A Soroban? Oh, well,

Stephan Livera:

Soroban, sorry.

Samourai Wallet:

Yeah, no problem. So actually before I talk about Soroban, maybe your users aren’t aware, but earlier in the year we had a disclosure presented to us privately as well. And the disclosure said that they, that this person had found 5,000 instances of address reuse within postmix spends from Samourai. So we took this obviously very seriously, and we launched a, a very in depth investigation into postmix spending in Samourai Wallet and what we found, well, we found that the 5,000 instances of address use was completely bogus. It was actually, there was small, a small amount of address reuse, but it was nowhere near 5,000. It was about 200 instances, but we resolved that issue. But why I bring this up is because we did such an in depth study that we know how many users, as of whatever we wrote, the disclosure was in July.

Samourai Wallet:

We know how, how much activity postmix spending how much postmix spending has been STONEWALLx2’s versus single direct spends, for example. So we have a pretty good good idea. So in July, when we ran the numbers 26% of post mix spends that have ever happened from the launch of Whirlpool 26% are STONEWALL or STONEWALLx2 and 19% were standard normal payment transactions. While we can’t tell whether those are stowaways or just a normal, you know, single party payer. And then the rest basically were sweeps. So sending a specific UTXO with zero change back to the user. So we have an idea of how many people are interacting with the post mix tools. And it’s very compelling. We’re very impressed by that number. We thought it would be far less than 26%.

Samourai Wallet:

We thought maybe it’d be like 15% or something like that. So, so we know people are using STONEWALL and STONEWALLx2, and they might be using stowaways. Now this, now we can tie into Soroban because what Soroban is, it’s a Tor based encrypted communication layer. And what this is going to allow for is for two clients, two Samourai Wallets, to talk to each other in an encrypted fashion over Tor and what they can say to each other is limited by your imagination. Basically, what this communication layer unlocks is so many, so many valuable feature ideas and improvements. And also because it’s an app agnostic layer it has nothing really to do with Samourai Wallet. It’s completely an independent development. It can be implemented by other projects who require a communications layer for their tool.

Samourai Wallet:

So for example, the biggest, the biggest example would be JoinMarket, which right now relies on IRC to communicate between clients. Well, JoinMarket could implement Soroban as a, as a communication layer and, you know, a lot of the reliability issues and a lot of the latency issues would be solved immediately. What we’re doing with Soroban as our first application is tying it into the communication process of our stowaway and STONEWALLx2 transactions. So right now, if you want to do a STONEWALLx2 or stowaway, you have to basically go through like a four to five step process where you’re sending a QR code back and forth, or sending a payload back and forth. Or if you’re in person, scanning four or five QR codes. Soroban completely automates the procedure. So all you basically have to do is say, I want to do a STONEWALLx2 with Stephan Livera and go, and it will basically happen in the background.

Samourai Wallet:

And it’s been, I think we’ve clocked it at eight to 10 seconds to complete and that’s with zero interaction from the user. So it really abstracts away the entire STONEWALLx2, and Stowaway process and creates a transaction that is very familiar, right. You put in an amount and you press that, you press go and send and it kind of just happens. So that’s a huge achievement, and we’re really excited to bring that in. And I think that’s going to increase significantly the amount of STONEWALLx2’s and stowaways.

Stephan Livera:

Yeah, it sounds really cool. So maybe just to clarify, so let’s say, you know, you want to do a Soroban, Cahoots style transaction with me. Would I have to have my wallet, like my phone on and the wallet open in order to do that? How would that work?

Samourai Wallet:

Yeah, right now that’s, that’s obviously a limitation. There would have to be some sort of out of band communication. Like I would tell you, Hey, let’s do a, you want to do a STONEWALLx2 with me and you’d go, okay. And you would open your wallet and provided your wallet’s open, then we would be able to communicate with, yeah. And that’s sort of like, that’s the version one, right? Like by version three, that we might be able to have some sort of queuing system. We might be able to have, you know, a notification system to say, Hey, you know, a Samourai Wallet wants to make a STONEWALLx2, do you want to accept it? And you can, then you get that notification on your phone and then you can open up Samourai and accept it, for example. So, you know as, but as a version one, yet you, you both would need to be online.

Stephan Livera:

Gotcha. And so how would the connection work there? Is it some kind of PayNym thing or how does that part work?

Samourai Wallet:

Okay. So the identity, yeah. We’re, we’re using PayNym as the identity part of it. So I would, I would know I would have you in my PayNym list necessarily, I wouldn’t necessarily have to have a connection active with you. I wouldn’t have to pay the connection fee or anything like that. I just need you in my list. And I would be able to say this is the person I want to, I want to STONEWALLx2.

Stephan Livera:

Oh, that’s pretty cool, man. I’m excited to say that because that, I guess that makes it a lot more feasible because in practice, you know, there’ve been times obviously I’ve been able to, sometimes I’ve been able to successfully get a cahoots transaction done, which is the STONEWALLx2 or the stowaway. But in other cases, I’ve tried to pass back and forward the that what’s it called the QR or the the payload. And there are times where it just kind of bugged out or, or in some cases it might be that I didn’t, or my partner didn’t have the correct amount of UTXOs or that it’s something about the composition of their wallet didn’t make sense for it. But I suppose, hopefully if it’s kind of like a more automated process and that makes it a little bit easier for people who want to try these kinds.

Samourai Wallet:

Yeah, definitely. So, so one, one way that makes it easier is because you’re not limited to manual transmission. If the UTXOs aren’t available, it can immediately pop up and say, Oh, no, sorry, can’t do it because you don’t have enough UTXOs. Or the amount is too high or something like that. So we can interject earlier. And the other nice thing is that if there is some sort of failure, it can automatically retry without the user, without the user having to do anything different. So it really, it really should increase the UX of this functionality. Cause you’re absolutely right, right now, it’s still more, you know, it’s still more of a hobbyist feature, right? Like you need to, you need to really want to want to achieve that privacy gain in order to gain it. Right. You have to really work for it in some sense, whereas this is going to bring it to a wider audience where they don’t really have to do much, they just have to know someone.

Stephan Livera:

I’m curious. And is that a possibility? So obviously the first round would be more, as you mentioned, having that PayNym for the identity, would that mean in future, you might collaborate with a totally random other Samourai user that you don’t even know?

Samourai Wallet:

No, we don’t want to necessarily do that. Not for the, not for the STONEWALLx2 or the stowaway. The only reason we’re not, we’re not doing that for those, for these features is because you are exposing a UTXO to this counterparty, right. So I would be saying, Hey, this PayNym or this me owns this UTXO, would you like to swap it around and you would say, yes, I own this UTXO. You’re sharing knowledge of UTXO with your counterparts. So we wouldn’t want to do that with just totally random person. But there’s, but there’s absolutely use cases for Soroban where you can, where you can see for example, multi-party Tx0’s. So where you have multiple Tx0 or multiple inputs of, or sorry, outputs of a Tx0 belonging to different, different people. So you can no longer assume that a Tx0 from Whirlpool is one entity or one person.

Stephan Livera:

I see. And that makes it a little bit easier as well, because right now you do have to be a little bit careful with your, with your Tx0 change, also known as doxxic change. And if you were to send that in with some other incoming UTXO, then you might be linking things in a way that obviously you don’t want to. So this might be a way to break that heuristic. Yeah,

Samourai Wallet:

Well, this will break the heuristic, right? So as soon as we turn that feature on from that day forward, you can no longer look at any Tx0 and say, this is this entity you would have to go, this could be this entity, but also other entities. So, yeah, it’s just a way of, and it goes back to what I said earlier that privacy on Bitcoin on a public chain is really about messing with heuristics and disrupting flows of inputs and outputs. And that’s just an example of it, it’s throwing in additional confusion.

Stephan Livera:

Yeah. So I guess just kind of summarizing the flow, I guess, just for listeners who maybe they’re not as familiar with how it works. So let’s say, I guess in the ideal case, you are running your own dojo. So, you know, you can buy a nodl or you can run a RoninDojo or myNode has it also, or you can run vanilla dojo as well, if you want to run that. And so then you would send some money into your Samourai Wallet. You’d run that through a Whirlpool to get the mixing benefit. And then you would, on the way out of that, you would want to do a STONEWALL or a STONEWALLx2 spend so that you are making every spend a CoinJoin. Now, in that example, let’s say the user has done that. How often should they be like sweeping and running it back through the Whirlpool from their post mix wallet from, you know, different discussions. I’ve had some people that said, Oh, you can do a few spends in that state and just keep using STONEWALL or STONEWALLx2. And then after a little bit of time, you should be sweeping some of that. And then going back around through Whirlpool and doing it for another, you know, rinse, if you will, could you just articulate just for us, what’s kind of a recommended flow there for privacy purposes?

Samourai Wallet:

Sure. That’s a great question. So, so after you’ve whirlpooled, after you’ve bought your Bitcoin or got your Bitcoin into Samourai Wallet, you’ve added your Bitcoin to Whirlpool and it’s mixed. My suggestion is to leave it in Whirlpool while it remixes for free. So you can leave Whirlpool running and it will register for remixing. Remixing is really important for your privacy and the privacy of everyone else in the pool. And it doesn’t cost you anything extra. So until it’s time for you to spend, now, it depends on what you’re doing when you spend. Now, there’s two types that we’ve seen of spenders out of Whirlpool. One is they’re spending on goods and services or products. And the other type is they’re spending to their cold storage. So they’re going through Whirlpool, they’re getting a couple of remixes and then they want to move those UTXOs to their cold storage device.

Samourai Wallet:

So for the first set of users, I’ll talk about first. So for the people who are spending on goods and services, the change that, the transaction that gets created when you spend from post mix will by default be a STONEWALL, if it’s possible, and it should be possible because it’s usually very easy to get STONEWALL transactions from postmix. Cause you have plenty of like size UTXOs. So it’s usually not a problem. So provided that a STONEWALL is created, and it will be by default, there’s really no issue with, with continuing to use the wallet for postmix spending provided that you can get STONEWALLs. If at a certain point, when you go to spend, you can no longer obtain a STONEWALL transaction anymore, it’s probably because the, all the UTXOs that could be used together had been seen together and STONEWALL won’t trigger if that’s the case. At that point, what, you don’t have to sweep it or anything. But at that point you can select that UTXO in the wallet and add it into Whirlpool again, into a fresh Tx0 again, right, directly from postmix. So you don’t have to sweep it back to account zero and then go into Whirlpool. Again, you can reenter a new Tx0 directly from the postmix side. And you should do that, like I said, when you can no longer create STONEWALLs with your postmix wallet.

Stephan Livera:

That’s the mixing to spend case. And then how about now the mixing to cold storage case?

Samourai Wallet:

Okay. Yep. So mixing to cold storage is a little bit different. I would, again, try to achieve some target of remixes, whether that be two, three, five, 10, whatever, depends on how long you want to leave the Bitcoin in Whirlpool in the Samourai Wallet. Once it’s time to spend, what I usually try to recommend is try to send the largest amount that you can while still triggering a STONEWALL transaction to your cold storage address, to your first cold storage address. Right. And that could be, let’s say you have one Bitcoin in there in your postmix and that’s made up of various UTXOs or something like that. You send, you’re able to send 0.5 BTC, right? And still obtain a nice high entropy STONEWALL. Then what I would do is send that transaction.

Samourai Wallet:

What will end up happening is you’ll have a nice 0.5 BTC on your cold storage. High entropy as a STONEWALL transaction. And in your postmix, you’ll have a 0.5, whatever BTC change output will be the same amount. I would leave that there for a day, two days, three days, whatever, some amount of time, and then sweep that directly, that one UTXO directly into a new address on your cold storage wallet. So the gist of it is try to attempt high entropy STONEWALL sends to your cold storage. And once you can’t anymore, then directly single spend each UTXO over without linking them together. That’s the best way for moving to cold storage. What you don’t want to do, what you’re trying to avoid doing, is linking and merging all the UTXOs together that have, that have been mixed into one transaction that has only one interpretation, which is all these UTXOs belong to one entity.

Samourai Wallet:

And now this new entity, which is your cold storage device, has all these UTXOs. Now you haven’t, you haven’t linked them to their pre-mix activity, but you’ve made it a lot easier for a targeted analyst to say, okay, we know the output is XY amount. So let’s look for Tx0 inputs of roughly that amount and start, you know, paring it down, right? Like, so it’s just giving people, it’s giving analysts and observers a cookie crumb to pick up and to use against you. And there’s no need to do that if you can avoid it.

Stephan Livera:

Also wanted to chat a little about, about Solomon. So you mentioned this in the prior episode as well, is there anything further you can share around Solomon and you know, what it is, how it’s going to work?

Samourai Wallet:

Yes. Solomon is our all-encompassing coin selection algorithm and UTXO grading algorithm, essentially. It essentially gives a memory to the wallet, and it gives a memory to the wallet in the sense that it remembers what UTXOs were used for, and it automatically tags them. And it remembers what heuristics were broken with different UTXOs, and then can start stacking different privacy heuristic busters on different UTXOs or complementary UTXOs, all of this happening behind the scenes and without the user manually needing to intervene and manually tag and notate stuff, which they could still do. We just don’t need to rely on users to do that. So Solomon basically takes all the different coin selection algorithms that are, that are available in Samourai Wallet that have their own little fiefdoms right now and brings them all together into one, one algorithm that can work together, essentially. So development is still progressing on that and it’s going very well. And we’ll start to see, we will start to see the first instances of Solomon making, making an appearance in Samourai Wallet very soon.

Stephan Livera:

What are some examples of information that it could use in composing a transaction? Like how, what sort of information can it take in?

Samourai Wallet:

Well, for example, it might prioritize using Tx0 doxxic change in Stowaway transactions because that’s a really, that’s a great way to break the heuristic that a single participant is the owner of the doxxic change. And when they make a simple transaction, they’re obviously the same owner on the other end, but in fact a Stowaway transaction is two participants. So you don’t know who the actual entity is. So it’s basically, like I said, it builds, it will be able to build on complementary heuristic busters and know certain UTXOs should be prioritized for certain, certain things. And the UTXO of a STONEWALL three or four hops down in the past maybe shouldn’t be used as a UTXO in this transaction because that, for an analyst, would link the two things. So it’s basically having like your own little chain analysis analyst in your wallet, and it’s all client side. It’s nothing to do with OXT or our servers, it’s all using client side logic to remember and understand stuff.

Stephan Livera:

Yeah, very cool. And I guess these are just things that, you know, no human is going to be able to remember which piece went to where and so on. So obviously it’s better to have the computer manage that for you.

Samourai Wallet:

Definitely, definitely. You know, for humans, you can do it but it has to be extremely targeted and it takes a lot of time. And it’s very frustrating, especially, especially when you start to encounter that Samourai cluster, you know, or you enter into a Whirlpool or you enter into something like that. It just becomes very frustrating for, for a human to do, having a computer do it there. You know that chainanalysis are doing that, you know, that they have computers and algorithms running all day. We just want to give that power to users as well. Right. We want to give them something to match the weapons that are being used against them. And we think Solomon is a great step forward in that direction because it doesn’t rely on the user knowing anything, but it gives them the power of their wallet knowing, say, Hey, you know, if I merge this UTXO with this UTXO, I’ll be undoing a STONEWALL transaction five or six hops in the past. And, you know, like that’s epic because no user would be able really to go and no user is going to go and analyze their UTXO history five hops ago to make sure that this current transaction is gonna, you know, not screw anything up. And it’s a real way for users to degrade their privacy. Solomon should really account for a lot less of that happening and we’re really excited about it.

Stephan Livera:

Cool, and also Samourai has Sentinel, which is a way to have essentially a watching only application. What’s the plan with Sentinel and Sentinel X?

Samourai Wallet:

So Sentinel X is just a fork by our developer invertedX. He was trying out some new UI stuff and some new frameworks with Sentinel X. And it’s kinda just like a test bed. Sentinel just received an update a couple of days ago. And I think an update yesterday to add in Dojo and Tor support and a very big update that has been in progress on, on Sentinel over the last couple of months, which is gonna very much increase the offline mode functionality of Samourai Wallet. So it’s going to be more of a complementary application than just a watch only wallet. It’s going to be more complementary to your Samourai Wallet, especially if you are relying on Samourai being in offline mode or in cold storage mode or whatever you want to call it. You wanna do PSBT type transactions etcetera. All of that can be managed from Sentinel in the next update.

Stephan Livera:

I think that’s really exciting stuff to see. Is there anything else you wanted to touch on before we wrap it up?

Samourai Wallet:

Well, and I think we covered all the, all the big bases. Yeah. I think that about does it, I just want to encourage people to keep Whirlpooling, keep using the features. Whirlpool volume is increasing every day and the amount of mixes are increasing. The throughput is increasing. So people, the message is getting out there. People are using the product, and I hope that people are achieving what they’re setting out to achieve in terms of their on-chain privacy. I hope they’re getting that and they’re happy that they’re getting that with Whirlpool.

Stephan Livera:

Fantastic. So just for listeners who don’t know where to find you, where can they find you?

Samourai Wallet:

You can find us at samouraiwallet.com. That’s samouraiwallet.com and the same on Twitter, samouraiwallet.

Stephan Livera:

Excellent. Thank you very much for joining me.

Samourai Wallet:

Thanks again.
