Adam Ficsor from Wasabi on Reclaiming Your Bitcoin Privacy
Download Episode MP3 File
The file will open in a new window. Click down arrow to download the file.
Interview location: Skype
Interview date: Wednesday 24th April, 2019
Company: Wasabi Wallet
Role: Cofounder and CTO
User experience is something I have regularly found as a problem in Bitcoin, perhaps due to a lack of experienced UX designers in the industry. Sometimes I question whether this is something we accept and is the cost of self-sovereignty or whether it is something we should push for higher standards.
Bitcoin is hard though; it can take time to understand and a lot of work to protect your holdings. This itself is a good thing; it makes holders responsible for their security and can teach painful lessons if you make a mistake.
Wasabi Wallet is leading the fight for financial privacy and includes several tools to improve this with Bitcoin. With Tor and CoinJoin, users have both a network level anonymity and the ability to mix their coins. While these tools are great and offer financial privacy for all, they are complex to use and currently out of the reach of the less technical.
In this interview, I talk to Adam Ficsor, the co-founder and CTO of Wasabi Wallet. We discuss user experience, fungibility, anonymity v unobservability and CoinJoin.
TIMESTAMPS
00:04:34: Introductions
00:05:27: Background to Wasabi wallet and why privacy is hard in Bitcoin
00:09:09: Exploring privacy and fungibility in Bitcoin and Wasabi wallet
00:16:38: Outlying some of the questions surrounding passwords and seeds in Wasabi
00:23:47: Discussing transaction labels in Wasabi and Blockchain analysis
00:28:39: Exploring the complications surrounding bech32 addresses
00:36:18: Discussing the UX of Wasabi and Bitcoin
00:43:07: Delving into the background of CoinJoin
00:46:34: Exploring the technology behind CoinJoin and how it enables anonymity
00:52:41: Discussing future implementations of CoinJoin and confidential transactions with Bitcoin
00:58:26: Touching on potential future iOS and Android versions of Wasabi wallet
01:01:00: Discussing Adam’s exposure to Lightning, his views on the project and building on top of it
01:05:54: Final comments and how to stay in touch
SUPPORT THE SHOW
If you enjoy The What Bitcoin Did Podcast you can help support the show my doing the following:
Become a Patron and get access to shows early or help contribute
Make a tip:
Subscribe on iTunes | Spotify | Soundcloud | YouTube | Stitcher | TuneIn
Leave a review on iTunes
Share the show and episodes with your friends and family
Subscribe to the newsletter on my website
Follow me on Twitter Personal | Twitter Podcast | Instagram | Medium | YouTube
If you are interested in sponsoring the show, you can read more about that here or please feel free to drop me an email to discuss options.
SPONSORS
Patron Sponsors
And a big thank you to Rise Wallet
SHOW NOTES
Connect with Adam:
Mentioned in the interview:
Other relevant WBD podcasts:
THANKS
A big thanks to my WBD Maximalist Patrons for helping support the show: JP Petit, Logan Shultz, Seb Walhain, Steve Foster, Tony, Gordon Gould, David Burlington, Jesse Powell and Wiel Menger.
TRANSCRIPTION
Peter McCormack: Hi there Adam, how are you?
Adam Ficsor: Hey Peter, I'm great.
Peter McCormack: Thank you for your patience in getting this interview together, as I wanted to download the Wasabi wallet before we spoke because I wanted to have a play with it and see how I got on and see what my experience was so we can include that within the interview. So thank you for your patience. But how are you, how is everything at Wasabi?
Adam Ficsor: Yeah, it's great! Just a quick questions, when did you download it? Because I just released the new version with many, many updates yesterday. So not even 24 hours ago!
Peter McCormack: I downloaded it this morning.
Adam Ficsor: Ah, okay. That's probably good!
Peter McCormack: Well yeah, but we'll come to it because I did have some problems, which I want to talk through.
Adam Ficsor: Which OS?
Peter McCormack: With Mac OS.
Adam Ficsor: At the first start, with the new release on Mac OS, it freezes and after that it works. I'm not happy about it!
Peter McCormack: It didn't freeze for me. That didn't happen. I got him fine. But in trying to use it, I came across some difficulties, but I think it's mainly because I'm not the most competent as everybody knows full well and keeps reminding me, I'm not the most technically competent. But look, we'll come to that.
So I listened to your interview with Stephan Livera, which was great and you've covered a number of things in there, I don't really feel we need to cover again, because people can listen to that excellent interview. But it would be good though just for my listeners, for you just to give a background of how the Wasabi wallet came to be and why privacy was something you wanted to focus on.
Adam Ficsor: How much time do you have?!
Peter McCormack: I've got plenty!
Adam Ficsor: This whole thing started out when I get into Bitcoin and I was a .net developer and I had nothing to work with. I wanted to build stuff on Bitcoin, but there were no tools for .net yet. A year or two later, Nicolas Dorier came out, with his .net library card in Bitcoin and that started out my .net developer career in Bitcoin. I wanted to find a project to work on and I saw this thing called JoinMarket.
JoinMarket is a Bitcoin mixer and is a very, very clever way to solve the liquidity issue that Bitcoin mixers have when they start out. I thought that this was just a command line tool and it has no user interface, but so many people were so excited about it and I said to myself, "I just write the user interface for it, people will start to use my software and I'm going to be happy."
Now from then on, I started to encounter issues and more and more issues and I learned more and more about privacy and why it's so hard in Bitcoin. This led to me writing Wasabi wallet, which is what you're using today. So I was not a freedom fighter. I just had technical issues that I wanted to solve and iterated forward and forward and now it's the last iteration of my privacy wallet software that sees a lot of users! Yeah, I am happy.
Peter McCormack: Why is privacy so hard in Bitcoin?
Adam Ficsor: Because the ledger is public. So it's really hard to hide information when everyone has to verify that no one's cheating the system. While we figured out ways to do that with Monero and other cryptocurrencies, but they break consensus, so they are other cryptocurrencies.
But in Bitcoin, it's even harder because some things are not baked into the protocol and that's what I am working on because Bitcoin is the most used and I want people to use my software.
Peter McCormack: Let's talk about fungibility and privacy. So they're not exactly the same thing. Some people automatically assume fungibility means privacy, but they're actually two separate things.
Adam Ficsor: It really depends on what point of view you are looking at. Fungibility is mainly an economic concept. Privacy, maybe you should tie it to law and then there is anonymity and observability, these things are more like the technical concepts. So fungibility, it just means inter-exchangeability. You have to have this property for money because if you lose too much fungibility in money, then you are going to see the consequences or just no one's going to use your money.
This ties into privacy, as fungibility is a systemic issue and a systemic property of the money. Privacy is a human right. It's more like the micro, fungibility is the macro. So privacy is what you want to achieve personally for yourself. Fungibility is what we want to achieve for the Bitcoin ecosystem and how do we achieve privacy? How do we achieve on anonymity? How do we achieve fungibility?
We achieve it through building systems that have strong anonymity properties and if we fail because anonymity is not un-observability, so there is a chance that we fail and governments or exchanges or regulators, whoever they are want to blacklist anonymity things. So people should not try for anonymity. Then we can still default back and try to build the systems, that are achieving more un-observability and the Lightning network is a great example for that.
It's really hard to built anonymity on the Lightning network because your privacy will be... It's very hard to quantify, but because the Lightning network built un-observability in a way that takes away data, it hides data, anonymity is more like you are undeniably anonymous reading a set of people. So that's the relationship between the concepts as I see it. But as you can see, it ties into so many fields; law, economics and tech.
Peter McCormack: So essentially fungibility is a property of privacy. So the goal with Wasabi is to create fungibility so that there aren't tainted coins. The governments can't identify coins that are tainted and therefore there isn't any risk or situation where you are using or passing on tainted coins. The privacy side of this is whereby you then have the ability to send and receive coins, without being tracked. Is that a fair analysis?
Adam Ficsor: Yes, it's a fair analysis. Definitely.
Peter McCormack: So I've heard people say before that fungibility isn't so important in Bitcoin, because there isn't yet a market for tainted coins. If there were, I think it was maybe Dan Held, said he would buy up the cheap tainted coins, bounce them two or three times and sell them again. Have you heard these kinds of explanations?
Adam Ficsor: I heard these kind of explanation, but I don't really know where to put them, because there are no markets for clean and the unclean or whatever tainted coins, because we can say that Bitcoin did not lost the war in fungibility. That's a very good argument. I'm not sure any other conclusion or what kind of conclusions can you conclude from this notion that there is no market.
Peter McCormack: Fair enough. Okay. So how do you achieve fungibility with Wasabi wallet? What is it you're doing in the background to make this happen?
Adam Ficsor: There are two very important aspects of it. One is the network level privacy and the other one is the Blockchain level privacy. On the network level privacy, it's about how you are broadcasting your transactions. Do you expose your IP address to other people and how you are establishing your valid balance, because every light wallet establishes your wallet balance by querying from someone.
If I asked you, "hey, how much money do I have on this address" or "how much money do I have on this other address", then you will know that "hey, these two addresses are mine and how much money I have", which is not the idea! So this is the network level aspect of Wasabi. We actually achieved, just yesterday released the theoretically best network ever privacy that we can have in cryptocurrency, so that is awesome!
I can go into the details later if you ask me. In a very short summary, we are using Tor for everything and we are changing Tor identities basically between every action we are taking, when we are fetching blocks and when we are broadcasting transactions. The other big aspect of privacy is the Blockchain level of privacy.
So you had issues using Wasabi or maybe you are just not that used to it, that when you receive coins from someone then it actually shows up in your wallet as a coin and not as a wallet balance? Maybe that was the most confusing part for you?
Peter McCormack: Well we can work through it actually. None of this is a criticism because I understand you guys are very early on and this is very early work and I always try and represent my work from the people who are less technical, less knowledgeable, don't have the skills to maybe figure a lot of the complex things out. So I think that's maybe some of the problems I'm having.
So my experience of wallets are... I have primarily two wallets I use. I have a mobile wallet, which I keep a very small amount of Bitcoin in. I'm currently using Dropbit, as I think you're aware and I also have a hardware wallet. The experience on both is pretty easy really. If I'm using my mobile wallet and I've got to send it to somebody, I can just point my camera at a QR code, click send and off it goes. All the hard work's done for me and very similar with my hardware wallet.
But when I went to set up my Wasabi wallet, it's obviously an extra level of complexity. I had no problem by the way setting it up. But I do have a couple of questions about it. So when I first set up, it said, "you cannot recover your wallet without your password. Therefore we strongly advise you to use a password that you will not forget." So the first thing I thought about with that, was like, "that kind of implies I should use a password, which is almost like a regular password", but isn't that slightly risky? Shouldn't I be using a completely unique and independent password?
Adam Ficsor: Well do you mean you want to use some some kind of asterix that a password manager gives you?
Peter McCormack: Yeah.
Adam Ficsor: You can use it. You just don't forget it! This is the responsibility that comes with using Bitcoin. If you lose your private keys, then you lost your money.
Peter McCormack: Yeah, no I understand that. I kind of felt like the language probably should have been more like, "make sure you do not lose this password", because the language of "make sure you use a password that you will not forget", it kind of implies it's one I need to remember in my head. Do you see what I mean?
Adam Ficsor: Yes. That's what I meant.
Peter McCormack: Ah, that might be a language shift, that might be slightly better. Then it only asked me to put my password in once, so I thought, "what if I make a mistake putting it in, what would happen?" Why don't you ask people to put the password in twice?
Adam Ficsor: We were asking people to put the password in twice. We had a lot of... Everyone is worried about if they get hacked, but we never get any reports about people getting hacked. But we get so many about people forgetting their passwords. So we started to reconsider. Maybe we can improve somehow this password handling stuff. Okay, so this was one of the implemented strategy, to only have one password box, when you are choosing your password. So what are you going to do?
You have your adrenaline go up in, "okay, if I write this password wrong, then I might lose my money." But the trick is that after the mnemonic words are written down, the usual stuff, after that you actually been taken to a password tester and you are testing... We don't let you in your wallet until you test your password at least once. So people write their passwords, when you have two password boxes, password and password confirmation. They're writing, and they make the exact same typo, it's like they still have it in their working memory.
But then if you have only one password box and then you have to do something else and then after that, we are going to ask you the password, then you will not have it in your working memory. So you have to remember back and that's when you will get the verification. So this was a test, but it's extremely successful because the last two months when we implemented these strategies to make you not forget your password, it's unorthodox, but we didn't get any password lost requests. So I'm really happy about that actually.
Peter McCormack: Ah so that's good! So how come you can't restore just from the seed alone? How come you need the seed and the password?
Adam Ficsor: Okay. There are multiple reasons for that. Power users want to use passphrases. But again, if you have to use a passphrase, then chances are you're going to use your password. So why not just have the same? I don't even, okay... So what is a passphrase? You have the twelve recovery phrase and then you order another word for it, that's the passphrase and that just having the same as your password.
So it's very insecure to simply have that recovering words. If you simply have the twelve recovery words, anyone can see it and re-create your wallet. I didn't actually know that wallets were doing this, to give you 12 words that you have to store securely. I don't think that's a good idea.
So let's just swap those words with your password and then the attacker needs to know your password and your recovery phases, so your mate is not going to do anything with your recovery phrases, except if you're using a password manager and not keeping your password in your mind.
Peter McCormack: Yeah, I guess I felt like if I have to hide my seed somewhere and then now I'll have to hide a seed and the password?
Adam Ficsor: Yeah. I am not sure how many people are using a password managers, but I think that's a minority, I would say. The best way to keep your password, and I'm doing this since university, so a very, very long time, you have to have an algorithm for your password. So here is a website you want to login and based on the website, your algorithm that generates your password, that's algorithm is very, very simple and it's in your head.
This way you get a different password for every single service you are using and you always remember because you know the algorithm and no one else knows the algorithm. So if one service gets hacked, the other one won't. That's my thing. Some password managers, yes, then you have to write down the password with the mnemonic words if you are doing the password manager stuff. I am not a fan of them. But I mean these are pretty much implementation details, maybe we can go on some more interesting topics but your opinion.
Peter McCormack: Yeah. I guess for me, I found it kind of confusing and scary because it said "if you lose your password then you've lost your wallet", and I was thinking, "oh damn. So there's two things I need to actually keep a record of now." But anyways, so I went into the wallet and I created my first wallet. The first thing I went to do, was trying to receive. So I set up a test payment and it forced me to have a label, which I thought was quite interesting because I've never been forced to have a label on payments before. Why is a label required?
Adam Ficsor: It's because after you make some transactions, you will see on your CoinJoin tub, that we are doing some Blockchain analysis and we are trying to... When you see a coin in your tub, then we put labels next to it. Those are wallet clusters of yours. So those labels next to your coin, are not actually the label of your coin, but those are wallet clusters, those are multiple labels. So we are doing some Blockchain analysis and we are trying to figure out, "hey, these coins might be in the same cluster."
So this might be what Blockchain analysts see from your wallet. So for example, if you get 5 Bitcoins from Coinbase and 0.1 Bitcoin from me, and then you send this 5.1 Bitcoin, to someone else, then you are making a transaction where you join together the two coins of yours. Now what Coinbase will see is that "hey, this other coin was yours too," which is not ideal. So then you would have the label, if you would have a change output, you would have a label that "hey, this is the change of Coinbase and Adam and another thing who you sent the money."
So you can see that those coins are, well figure out that they are associated with each other and this is what the CoinJoin is for, to actually break these associations. But you can use a sab without even coinjoining at all and you can just see the associations and make very easy decisions that, "hey, I don't want to send this money that I got from this shady guy to someone", I don't know, whatever, you can figure out! This is the issue with privacy on public ledgers! You have to keep track of things, but I think it makes it easy for you. You just have to make some transactions and everything will make sense very, very quickly I think.
Peter McCormack: So do you see Blockchain analysis as the enemy?
Adam Ficsor: Yeah, it's a good question. So yes, I consider Blockchain analysts as our adversary because they are the most advanced adversary that one can choose, who is building a privacy wallet. Now we don't consider the lock up policy, where someone goes into your house and forces you to decrypt your computer, they are not our adversaries! So if they decrypt your computer, then they will see everything on your disk or if it's not decrypted, because you don't have to decrypt it. Never mind!
Our adversary is Blockchain analysis and not these traditional kind of attacks because there are already solutions for these traditional attacks, like using a veracrypt, where you encrypt your stuff and then you have a secret encryption layer. When someone goes into your house and forces you to get your stuff, then you open the secret encryption layer. But these problems are already solved, not in the most usable way, but they are already solved and people can use it. What's not already solved is to protect you against Blockchain analysis, so that's the thing, we are looking for solutions.
Peter McCormack: So I went to send myself some Bitcoin. I wanted to send from one of my wallets into my Wasabi wallet and just have a play with it. I wasn't able to do it. So I tried from both my Dropbit mobile wallet and I tried from a Ledger and neither able to, they just wouldn't send. They had a problem with the address. Obviously these are... Is it pronounced bech or batch?
Adam Ficsor: I think it's bech. When Peter Wuille brought the BIP, he said, "hey, let's call it bech32 addresses, because it sounds like batch."
Peter McCormack: Because these are bech32 addresses. So I'm guessing they're just not universally compatible?
Adam Ficsor: Yes.
Peter McCormack: So can you explain to me what a bech32 address is and why it's different, from say other addresses?
Adam Ficsor: Okay so, you might see that there are a lot of philosophical arguments for and against SegWit and native SegWit and all this kind of stuff. We are not taking any fields or sides. We are using bech32 addresses because we have to use them. I'm not going into why we have to use them. It's something about malleability and CoinJoins and how you are establishing your balances. But the point is that these addresses are smaller.
So you make a transaction and it's going to be cheaper, than you would make a transaction from a normal wallet. The other option of these address is it is very, very fast. So right, now the only big services left who didn't implement it yet is Binance, Bitfinex and Ledger. Actually I even opened an... Anyone who's listening who is a Javascript developer or node.Js developer, look at Ledger's Github and I have a 0.1 Bitcoin bounty for anyone who is implementing bech32 send ability.
Peter McCormack: That's essentially when the experience broke down for me. So I tried to send twice and I am a non-technical person. I often get criticized for it, but I'm very comfortable with being that non-technical person because I think a lot of people will go through similar experiences of mine and for the big mass adoption, we have to have a better user experience.
This isn't a criticism, it's just that this is where the experience broke down. I did obviously then go online and do a search for bech32 addresses and why I can't. I obviously then found out that Ledger doesn't support it and then I assumed it was the same for my Dropbit wallet. But that was where the experience broke down for me. And I was like, "oh, okay." So really it's just waiting for universal support of these addresses?
Adam Ficsor: Okay, two very important things here. First we wanted to add, "you can receive to other kinds of addresses, but that's not going to be that private." We wanted to hack it around, but the adoption lately, it went so fast and actually we had testing and implementing it to BitcoinJ, which is a Java Library, which a lot of big services are relying on.
Now they gave out their release. The point is that, now we see the adoption is happening so fast that we are thinking about, "maybe we just don't bother with it. It just doesn't work." This was one. The second very important thing is that bech32 send ability is relatively simple and extremely non-controversial to implement.
So if you are using a wallet or a service that cannot send to bech32, that's a very strong sign that that service has not everything in order and you might want to change it regardless, if you need to send to bech32 or not because, they either don't have good developers or any developers or something. But there is something seriously wrong with the service that cannot send to bech32, so just keep that in mind!
Peter McCormack: So you think there's something seriously wrong with Ledger, Binance and Bitfinex then?
Adam Ficsor: Yes.
Peter McCormack: I think that one of the things that always comes to my mind, is that previously I was a UX designer so I'm sometimes hypercritical. Now my favorite book was a Steve Krug book, which I've brought up in a few interviews, it's called "Don't Make Me Think." In the process of this, I have to think and I have to then go and search on Reddit and find things and find out why things don't exist. So for me as a UX person was like, "oh, this just falls apart as an experience!" Like I say, it's not a criticism of you.
I appreciate the work you're doing. I've spoken to lots of people. I know you're universally loved for what you're doing. So I guess one of the things I'm getting at, is that you guys are just super early now. What you're building is essentially the building blocks of what the future Wasabi wallet will look like, and I'm guessing when you get onto version 3,4,5, a lot of these things may be abstracted away.
Adam Ficsor: You are 100% right and I'm very happy that you reminded me about this, because I need to be reminded very, very often because... You wouldn't imagine, but I'm the only person who tries to keep the things consistent and coherent. Every day people keep opening issues, support requests, anything those are complicating, even if that's a good idea, those are complicating the user experience and getting more and more...
Well Wasabi is getting more and more powerful, but I'm really not actually happy about the fact that we are getting harder and harder to use. Actually we were just talking about maybe... For one thing, is that a lot of people get it right away and they think they user experience is great. But there are people like you, and I think you guys are just silent about it and don't tell me.
There are people who don't get it right away and I think this is extremely important to make a seamless user experience. That's one of the most important things that seems to be, only I care about!
Peter McCormack: Well it's because people always talk about mass adoption. They always talk about mass adoption, hyper-bitcoinization and that everyone will be eventually using Bitcoin. I always try and think of the five or six people I meet with, once a month down the pub and what you've got amongst them, you've got one person who will be remotely interested in Bitcoin and will kind of figure things out.
Then you've got four or five people who don't, and that if you put something like Wasabi wallet in front of them and say "this is the future of how you're going to spend money", it's not going to work for them, because they're just going to be like, "huh?" They essentially need user experiences similar to Cash app or PayPal where they don't have to think and it is all kind of obvious.
So my thing about Wasabi is that, it's clearly very cool. The things you're doing are amazing, but I don't think you are, say at the point where you're consumer friendly yet, because that's going to take time.
Adam Ficsor: I don't know. Are we not in the point where we are consumer friendly? I mean we can do a lot more things for sure, but I would say it's already pretty easy if you have ever used a Bitcoin wallet before in your life. Have you used Electrum before?
Peter McCormack: Yeah, I've used Electrum. I've used a variety of wallets at different points and I guess it was things like, I tried to send to myself and I couldn't and I didn't understand what a bech32 was and that's why it didn't work. There's things like that, but I think that maybe, that's just an inherent part of Bitcoin is that occasionally things don't work how you want to.
Maybe you do then have to go online and do a little bit of research and there is a bit of an investigation. But my assumption is that, like I said to you before, when you get to version 2 or 3, most of these problems are going to be abstracted away and it's going to be a much simpler experience, because you want privacy for all.
I heard your interview with Stephan, you said I want privacy for all and I think that's obviously an amazing goal, but I do think there are a lot of aspects within Bitcoin and the user experience that at the moment don't offer privacy for all, because it's quite complicated to actually take control of your privacy and it's okay if you're an experienced long term Bitcoiner, and you've spent years using different wallets, etc. But if you came in new to Bitcoin, I think there's still a lot of things that are very hard and very difficult to get your head around.
Adam Ficsor: But you know what the underlying problem with this, is that it's like the Internet. The features and the stuff is moving so fast that UX don't have time to keep up with it. From a point of view, this is a very, very good sign, because we are improving the base layer way too fast, so people don't have time to write a good UX for anything, because it just changing and getting better.
But after that, when regulators, who are coming and then tell us to license every line of code that we write or whatever they tell us, then fine, we will have time to actually figure out the UX. That's how I think about it!
Peter McCormack: So let me ask you about some other things. So at the bottom of my wallet it says it's connecting and it says to me, "Tor is not running. Back end is not connected. Peer is zero." Is there something I'm meant to do here, to have this set up and running?
Adam Ficsor: No, I think that's a bug. How long are you doing that?
Peter McCormack: So my wallet has been open for probably an hour.
Adam Ficsor: Yeah, that's a bug. Tor is not running, that's what it says. Tor is done on anonymity network that we are using. So we launched the Tor process in the background and everything should be just working. Actually if Tor is not running, then the wallet will act strangely, not as you want it to act. So while I'm not trying to debug it live! But yes, that's the overall message, that things are not working properly.
Peter McCormack: Okay. Well I'm still going to stick with Wasabi and learn my way with it. Okay. So let's talk about CoinJoin because CoinJoin is something I've heard about, but it's not something I've ever actually used myself. So can you explain to me what CoinJoin is? What the background to it is and how it works?
Adam Ficsor: Well let's approach it from a perspective that people might be familiar with, traditional Bitcoin mixers. So how do they work? You send them the money and they send different money, that's the idea. What is the problem with that, is that sometimes they don't send you back the money! It is not good! The other problem with that, is that they can be de-anonymized. You don't have privacy against them.
So what does CoinJoin do? CoinJoin in general does not be able to steal the money from you. It doesn't hold any privacy against them, CoinJoin in itself, but at least they cannot steal your money. Chaumian CoinJoin holds the privacy part to it, so that's what we are doing. We have a coordinator and with Chaumian CoinJoin we cannot steal the money and we cannot de-anonymize our users. So we are basically a passive observer of having communication going through us. But we cannot do anything about it.
Why we cannot steal your money with CoinJoin? Why no one can steal your money if you're using CoinJoin? Because CoinJoin works in a way that I have a transaction and you have a transaction. Those transactions are not signed by us. So if we would give those transactions out to the network that "hey, these transactions are not signed."
Now we merge together our transactions, what we want to make and look at the transaction and if the money in some transaction outputs goes to where we want them to go, that's when we sign. If we don't see those transaction outputs in the transaction, in the common transaction, then we don't sign the transaction. So this is mathematically impossible to lose money with CoinJoin because of this.
Peter McCormack: So with CoinJoin, if I wanted to make a payment for something, essentially it mixes my payment with a whole bunch of other people's payments? What's happening there? Is it creating lots of new UTXOs? Is it mixing up the UTXOs? How does it actually work?
Adam Ficsor: It can be done, paying with CoinJoin can be done. We don't have it yet.
Peter McCormack: Okay. So this is just a way of mixing then?
Adam Ficsor: Yes, to yourself, it's always going back to yourself.
Peter McCormack: Can you talk me through, in idiot layman terms? Say I've got a number of Bitcoin here in my Wasabi wallet, I would use CoinJoin to essentially scramble the history of them?
Adam Ficsor: Yes. That's actually exactly.
Peter McCormack: So I'm essentially creating a bunch of fresh coins, out of the same coins so they can't be tracked. How does it actually work? How does it actually do that?
Adam Ficsor: A transaction has inputs and outputs. So I can can add 5 inputs to the transaction and 2 outputs. You can add 6 more inputs to the same transaction and 1 output, that's the basic idea. So that's how you are managing different transactions, different payments with each other. We can go into how it works in so many levels. I'm not sure, maybe you want to lead with something that you are familiar with regarding privacy and I can go go with that line of thinking?
Peter McCormack: Yeah. So I'm just trying to understand myself from a user's perspective, how it actually works, because I don't understand this stuff. My experience of Bitcoin is, I don't even get involved in UTXOs and I know you can do that. I know you can go to that level of detail if you're technical enough, but I don't.
Say if I wanted to send you some Bitcoin after this Adam, I just go into my wallet and put in your address, click send and it just automatically deducts from my balance. But I don't get involved in that level of detail. With your wallet, I can actually anonymize the history of all my coins. But I don't understand how that works and I just thought that would be quite interesting to understand.
Adam Ficsor: Yeah, it's very, very simple. You just go to CoinJoin tab and queue coins, wait a day and you'll have mixed coins. It just works by itself.
Peter McCormack: So it just sends out a bunch of UTXOs and returns a whole different set?
Adam Ficsor: Yes.
Peter McCormack: And they can't be tracked? Someone like chain analysis can't track those and see where they've all been mixed and sent?
Adam Ficsor: No. Unless you do some very stupid things. Like a very stupid thing to do, is send all your money from your hardware wallet there, mix all your money, and then send all your money back to your hardware wallet.
Peter McCormack: So you're essentially sending almost the same amount back?
Adam Ficsor: Yes, and not just that, but because your hardware wallet is probably... Say you have, what do you have, Ledger?
Peter McCormack: I've actually got a Trezor, I've got a Ledger and a Keep Key. I've got them all to just try them all.
Adam Ficsor: Yes. So what is happening there when you log into your Ledger wallet, they send all your addresses back to the Ledger's server, so they know exactly your IP address and every address of yours. Not every address that you have ever used, but also every other addresses that you will ever use in the future.
So the point is, that if you send from there to Wasabi, you mix and you send back to the same wallet, then Ledger will see that "hey, you send some money out. It was mixed and some money came back and it is the exact same money", so you didn't really mix anything, as far as the Ledger company is concerned.
Peter McCormack: So what's best way around that then? Is that to have a separate Ledger to send them back to, or is it to just keep everything in your Wasabi wallet?
Adam Ficsor: Keep everything in your Wasabi Wallet, that was the best way around it with hardware wallet. Now we have hardware wallet integration into Wasabi. So now you can keep everything in Wasabi wallet and that's great. You don't expose information to anyone.
Peter McCormack: Which hardware wallets are you integrated with?
Adam Ficsor: So right now I got a Trezor Model T, Coldcard and the Ledger Nano S. But I am getting more hardware wallet models and they are probably already working. But I don't want to say anything, because I didn't test them.
Peter McCormack: That's fair enough. So looking at the CoinJoin tab, it has this thing that says a target anonymity set 50. Is that that you would mix with 50 other users or what does that actually mean?
Adam Ficsor: If you mix with 50 other users, then your coin will gain anonymity set of 50. So it's really interesting because if you mix again, the exact same coin with 50 other people, then in theory, and that's what the Monero people will tell you and the other people will tell you that, "hey, you just gained anonymity set of 50, multiplied by 50, which is a very large number!"
Then you go to an actual chain and figure out, "hey, there are not even that many participants who ever used Monero, so wait, what's going on here?" So the point is that the anonymity set is not a perfect a way to measure things, but it's a good indication and we decided to not multiply but only add them together. So if you mix a coin, let's say with 40 people and your target is 50, then that coin will be automatically re-mixed until it reaches at least 50.
Peter McCormack: Oh, I see. I understand. So there's a lot of things to think about on this CoinJoin tab, and again, I think of somebody like one of my friends using this. They've got different options, they've got the NQ selected coins, DQ selected coins, anonymity set, they've got the peers.
There's lots of things on there to look at and think about and it says clusters and privacy. I looked at it and just went, "huh", because I don't understand CoinJoin and in thinking of terms of user, I almost don't want to. Do you think there will come a day with something like the CoinJoin tab, where I almost will have very limited options.
I'll just say, select coin, mix and everything else will be done in the background and I won't have to consider or see any of these other things on screen? Or are these intrinsically important to it and are these things I need to understand or could it just be abstracted away?
Adam Ficsor: No, let's address the elephant in the room. There is a technique called confidential transactions, which masks the amount and it's not in Bitcoin. But it might get into Bitcoin in the future, let's not make predictions. But if it would get into Bitcoin, then you would not need... So you could just see your balance and be happy with it.
Okay, so feeling towards confidential transactions to Bitcoin, we have to have this coin control features or do we, because we can still make optimal anonymity... So we can optimize a lot of things. We can send in CoinJoins, we can have much more space efficient mixes and we can do a lot more things. Then the question arises, do you still need to look at your coins and do these kinds of things, even without confidential transactions.
I'm not quite sure. Maybe we will not need all these things anymore in the future. But we are not there yet. This is the ultimate improvement of user experience, to actually improve the protocol and see how far we can go with it.
Peter McCormack: So with confidential transactions, you won't need CoinJoin anymore?
Adam Ficsor: Yes, you need CoinJoin. But basically every Blockchain analysts historically relies on looking at the amounts of transactions and that's why they can make any conclusions. If you look at the Block Explorer of Blockchain for anything, you can make some conclusions but not much. But if the amounts would be hidden, then while there is not much conclusion to make anymore, so confidential transactions don’t hide the link between one address and other addresses, CoinJoin is what obfuscates that link.
Confidential transactions just obfuscate the amount. That's why it takes so long to, let's say to mix 1 Bitcoin, because you have to do 10 rounds because we have to spit out even amounts, because people are come into the CoinJoins with different amounts. You come with 1 Bitcoin, I come with 5 Bitcoin, now how do we mix it? If we mix it in a way that you get back 5 Bitcoin and I get back from 1 Bitcoin, then that's an obvious link. You can see it from the amounts. Okay, so what do we do? Then I get back 1 Bitcoin and you get back 1 Bitcoin and you get back another 4 Bitcoin.
Now that's a mix, but only the 1 Bitcoin is mixed in that transaction. With confidential transactions because the amounts are basically nonexistent because of that, we don't have to mess with anything anymore and quite honestly, if we could get confidential transactions into Bitcoin, then I would just throw out everything what I've been working on the last 3/4 years, because it was just a require... It's just so powerful that we don't need all these tinkering anymore.
Peter McCormack: Is that Schnorr signatures?
Adam Ficsor: No, Schnorr signatures makes CoinJoin smaller. That's nice!
Peter McCormack: Can you see how something like this becomes quite complicated for say somebody like myself, is that we want privacy for all, but there's so many different technologies working in parallel or different ways to offer privacy and fungibility, it can be quite confusing for somebody like myself.
Adam Ficsor: Yeah and if we keep talking about it, it gets even more confusing! All this kind of stuff, how we are establishing your wallet balance, without exposing any information to anyone is extremely complicated, yet you are not noticing anything about that. People don't even appreciate that feature, but that's a super important feature because they just don't see it! I like these kind of things. We already did something that's great and completely hidden from the user, yet it's working in the background.
Peter McCormack: So there's a couple of other things I want to ask you about before we close up and I think I'm going to want to do a follow up as well, because I'm going to stick with Wasabi and I'm going to keep using it and keep it improving my knowledge. But I want to ask you about firstly, one of the things you want to do for the future is have Android and iOS apps. How much more complexity does that add to your work? How is that work coming along? Is there any kind of timescale for that?
Adam Ficsor: No, there is no timescale. Well I hope somewhere, I will get there and we don't need to give out any iOS or Android apps in the future. Oh, let's see. What is the blocker now? The blocker now is how do you establish your wallet balance, because that's the hard part. Mobile wallets send back the queries to a backend server and then you expose all your information to their backend servers. So that obviously just kills privacy right away.
This is the hard part, how you are establishing your wallet balance and yes, we can get there, but we have to do so many micro optimizations in order not drain your battery right away, in your mobile for example. So we can definitely get there. But we are not thinking about it yet. I'm really hopeful that somewhere I will solve this issue in the next one or two years. If not and if they are still not trying to solve it, then maybe there is something needed to be done about it. But again, they are trying to solve it.
So they are selling the boxes, the dojo. They call it the dojo, that's actually the right way. Of course the wallet cannot yet interoperate with the dojo, but what that does is that's running a Bitcoin core full node in your home. That's what you are asking for your wallet balance, is so you are not exposing anything to anyone except for your own Bitcoin core full node, which is the best thing to do.
Peter McCormack: The last thing I wanted to ask you about is Lightning. I'm not sure how aware you are, but I've been running a Lightning month on my podcast, doing lots of different interviews, trying to increase my knowledge of Lightning. How much exposure have you had to Lightning and what's your views on the progress with Lightning and how it works?
Adam Ficsor: It's a good question. It has some usability issues. Let me tell a story, I was talking with someone who is doing Blockchain analysis and he said that Lightning is terrible for them, because they cannot de-anonymize the Lightning network. Now I said the exact same thing, that it is terrible for me because I cannot build anonymity on Lightning network. Now it's not completely true, we said it, but it's kind of true, because Lightning achieves un-observability in a way that transactions are going from nodes to nodes.
You may or may not lose track of transactions, but you cannot verify if the nodes are actually malicious and spying on you. It's really interesting. I'm really excited to see. I'm really not happy about the user experience that we have and I'm really not happy about that. We are building applications like what Bitfury is doing, that they are making Lightning to use super easy. But you are basically losing all your privacy.
We just worked out so many privacy things in Lightning for nothing and if this kind of things become the standard, then Lightning network is not going to be better at all. But there are so many ways Lightning network can turn out alright and it's really up to us, the people, that are we going to to use watch towers. Those are helping us to establish our balance, to batch our channels or are we going to come up with a bit more complicated, but more privacy oriented solutions.
It's up to us. It's not decided yet. The user experience is not great yet. I think we can get there. Lightning is from a user experience point of view, it's much harder to be a good user experience on Lightning. I'm not happy about it, because even on Bitcoin it's hard to do it, but let's make it harder!
Peter McCormack: Are you a fan of Lightning?
Adam Ficsor: Yes.
Peter McCormack: So what are the difficulties that you're having on building on it?
Adam Ficsor: So on the conceptual level, you are sending money to other people through Lightning nodes and as we can see, whole networks are actually built out. Like the Internet, everything goes through Google and Facebook and a couple of big companies. So it may be the same with Lightning. I mean anyone who says, "hey, it's going to be centralized", he doesn't know.
But anyone who says that, "maybe it's going to be decentralized", he has no clue either! Because the more Lightning hops you have, the more private your transaction is and that's the point. But if everything goes through one hop, because that hop is so interconnected that it is much more convenient to use that guy, that hop. These are the issues with Lightning and the issues that actually we have in Bitcoin. Because you have to onboard to Lightning from Bitcoin and you have to off-board from Lightning to Bitcoin.
Big question or do you have to really have off-board or are we just going to use Lightning? The issue is that we have no idea how people are going to use Lightning, so we don't really know what we should be concentrating on, in terms of building privacy on it. What I mean, obviously Blockchains don't scale, so we cannot avoid Lightning. So there you go, we have to figure it out eventually!
Peter McCormack: Again, we're just super early! So look, this has been really useful and I don't want you to think I've been hyper critical. It's more just, I'm trying to use these technologies and tools, as somebody who isn't technical and trying to work my way through it. I'm going to stick with Wasabi. I'm going to keep using it and learning it. Hopefully we can catch up again and talk through my experience in the future.
Adam Ficsor: Thank you very much. One more thing, please click on "help and support" or "help and bug report" and report the bug, because this doesn't happen? I never met someone who couldn't start Tor. It must be some very exotic thing, like your antivirus company deleted Tor?
Peter McCormack: Oh, do you know what it might be? So usually I have to give access to new tools, so I use antivirus software, so it might just be that. It's probably just me! I'll have a play with it. If it doesn't work after that, then obviously they I'll submit it as a ticket. But it's almost certainly that.
Adam Ficsor: Awesome!
Peter McCormack: Cool, well listen, let everybody know how they can find out more about Wasabi. They can find out more about ZK-SNARKs and the work you're doing and how people can get in touch, if they want to reach out to you.
Adam Ficsor: Yes, wasabiwallet.io is the website that's where you start with Wasabi. If you want to learn about Wasabi, then you might type in nopara73 and Medium blog. I wrote hundreds of privacy articles in the past years. So you will probably find something that interests you, hopefully!
Peter McCormack: Brilliant. Look, thank you for your time, Adam.
Adam Ficsor: Yeah, thanks a lot!