WBD548 Audio Transcription
The Right to Bitcoin Privacy with Max Hillebrand
Release date: Thursday 1st September
Note: the following is a transcription of my interview with Max Hillebrand. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.
Max Hillebrand is an economist and open-source entrepreneur who runs Agora Towards Liberty. In this interview, we discuss the release of Wasabi Wallet 2.0 that he has been contributing to, the importance of CoinJoin, providing easy privacy for everyone, and why the personal risks of facilitating privacy are worth it.
“It’s seriously a matter of life and death. Humanity cannot survive under tyranny, it just dwindles away and dies. It’s a really important fight, if we lose this one, we’re screwed - the future is going to be substantially different, substantially different, and not in a good way at all.”
— Max Hillebrand
Interview Transcription
Peter McCormack: So, we're going to do my first ever CoinJoin.
Max Hillebrand: That's lovely.
Peter McCormack: Matt Odell would be so proud. And any pleb watching will be, "Can't believe you haven't done a fucking CoinJoin before". So, am I all right to use a Ledger?
Max Hillebrand: Well, you can currently not yet sign a CoinJoin on Ledger, by the way, so you have to send money to a hot wallet on Wasabi.
Peter McCormack: That's what I assumed I was going to do.
Max Hillebrand: Exactly. So, you're going to send some money from Ledger, probably Ledger Live app or something, to Wasabi on a new address, and then let's go.
Peter McCormack: All right, let's try and figure it out. Let's see if I can do a CoinJoin without any help.
Danny Knowles: I'm not giving you good odds!
Peter McCormack: Oi! HODL didn't think I'd be able to do --
Danny Knowles: Yeah, that's true, to get money off the Opendime.
Peter McCormack: Yeah, here we go.
Max Hillebrand: Do you have an M1 chip, or is it the old --
Peter McCormack: No, it's the old one. Hey, come on, I said don't help me; you're already thinking I can't do this, for fuck's sake! I'm going to absolutely nail this and all of you can fuck off. Jeremy, do you think I can do this?
Jeremy: I believe in you.
Peter McCormack: Have you ever done a CoinJoin?
Jeremy: I haven't.
Max Hillebrand: Oh, so many virgins in this room, it's incredible, man.
Peter McCormack: Well, he's not a terrorist! What about you, Freddie, have you ever done a CoinJoin? Not a terrorist? Danny, have you done a CoinJoin?
Danny Knowles: Yeah.
Peter McCormack: Terrorist!
Danny Knowles: I've actually never done it with the new Wasabi wallet though.
Max Hillebrand: You see. It got a lot more boring.
Peter McCormack: I also want to know why you and the Samourai guys fight each other.
Max Hillebrand: Because, what would Bitcoin be without the Kindergarten?
Peter McCormack: There you go.
Max Hillebrand: It's like a little bit rough and tumble, and the dancing, right?
Peter McCormack: Rugrats. Right, let's open this. Right, "Welcome to Wasabi". Right, so just as a point of note, I don't read shit, so it will be a straight, "Continue".
Danny Knowles: No, you should read that first one, it's good.
Peter McCormack: Yeah, but I don't read stuff.
Danny Knowles: No, but you should read the first bit, because it's not about how you do it, it's a cool statement.
Peter McCormack: Okay, "Satoshi brought scarcity while Wasabi's bringing fungibility… Up to now, Bitcoin is rapidly becoming the world's reserve currency, but its fungibility, a property of good money, is still unsatisfactory". Yeah, okay. I'm just saying, I'm trying to show people how I -- because, I think this is what other people do, they go, "Yeah, whatever, cool, yeah, non-custodial, yeah; anonymous, yeah, okay, I get it, cool; open-source, yeah, cool. Right, I can start using it".
Right, okay, I created a wallet before but I didn't put anything in, so I need to create a new wallet. Okay, so these are my words. Right, I've got to write this shit down, haven't I?
Danny Knowles: Ben's going to steal your money in the edit.
Peter McCormack: Yeah, that's a good point! So, there's no point writing it down for the sake of this.
Danny Knowles: Well, there is, because you're sending money to it. Even if you sweep it afterwards, you still write it down.
Max Hillebrand: Well, but we have like ten cameras pointing at us right now!
Danny Knowles: That's very true.
Peter McCormack: Six, seven…
Danny Knowles: I wouldn't read them out!
Peter McCormack: I mean, it doesn't really matter, because if this works, I'm going to then create a brand new wallet without 15 cameras on me and do it properly. What have I done wrong here? Oh, the numbers are a different way. Why are the numbers in that way round? That's not how lists work; you read left to right.
Max Hillebrand: I guess half the people would say the other way would be a mistake.
Peter McCormack: Yeah, but they would be wrong. That's the way people read, left to right.
Max Hillebrand: I'd probably just use the number next to the word.
Peter McCormack: Well, I don't look at shit. Okay, I'm going to type a password, "Dannyisatwat"!
Max Hillebrand: That's a good password!
Peter McCormack: Yeah, I won't forget it, "What is Danny?" Is that something waiting to load; I'm asking you now?
Max Hillebrand: No.
Peter McCormack: Okay, so that's designed like something that's waiting to load. You know when you have a webpage and you're waiting for something to load, they put that in? What is that?
Max Hillebrand: That's your history table.
Peter McCormack: So, why don't you just say, "You have no history"?
Max Hillebrand: That would probably be nice.
Peter McCormack: You see, I'm so critical of this stuff.
Max Hillebrand: No, that's good.
Peter McCormack: I'm not just a wanker, I like it -- yeah, okay, "Received". Okay, so this is my entire wallet. Okay, "Received". I'm getting some shit here, "Enter the names of the person … that it's addressed to"; what?
Max Hillebrand: Who's sending you the money?
Peter McCormack: I mean, I'm sending it.
Danny Knowles: So, if you write that, then when you're trying to use this Bitcoin in future, you'll know that you're the person that knows where this has come from.
Peter McCormack: But I don't care, I just want to send it.
Danny Knowles: No, but you should care, because if you were taking this from an exchange, you could write, "Gemini", and then you'd know where that money had come from, so you can track the history of the coins.
Peter McCormack: But I'm going to CoinJoin it anyway?
Max Hillebrand: By the way, that's actually a really, really good point. At one point, all those labels were mandatory, because you actually needed them for a lot of reasons, because the CoinJoin function wasn't so great. Now, with 2.0, we actually have a much better CoinJoin function, so a lot more coins will get mixed, and yeah, I actually have an open issue that we should remove the mandatory labels, because it's no longer needed.
Peter McCormack: Yeah, I just don't want it, I don't want this label here, because, "Enter the names of the person…", I'm not giving the address to anyone. I'm already confused. I just want to send -- my wallet experience would always be now, "Just show me an address", and I haven't got that. So anyway, let's say, "Peter", because it's from me. Now, I should get an address, I'm assuming. Okay, cool.
Max Hillebrand: There you go.
Peter McCormack: Copy that. Right, this is the bit I kind of want to be a bit private, don't I? Can you turn the screen off, because I'm going to open up my wallet?
Danny Knowles: Yeah, so if you just turn the screen off. Go to your settings.
Max Hillebrand: Voila!
Danny Knowles: So, you won't need to send too much across.
Peter McCormack: How do I know what I should send across?
Max Hillebrand: Whatever you want.
Peter McCormack: How would I know?
Danny Knowles: What's the minimum CoinJoin amount?
Max Hillebrand: 5,000 sats. Do you have that much?! It's a lot. Buy your crank, it's a damn spaceship for that much.
Peter McCormack: Are you recording me?
Jeremy: I can't see your screen.
Peter McCormack: No, but can you see me typing?
Max Hillebrand: No more.
Danny Knowles: Emma's hanging out of the door with a camera!
Max Hillebrand: A little fun fact: if it's below 1 million sats, you don't pay coordinator fees.
Peter McCormack: I don't know what a coordinator is. No one's taught me yet.
Max Hillebrand: It's cheaper. Well actually, no, we did tell you, you just didn't read!
Peter McCormack: A lot of people don't. It's just a point, a relevant point to this, because it was my job previously; I used to do UX design. I'd always say to people, "The most important book in the world you can read is Don't Make Me Think, by Steve Krug", because most people do not read instructions, they just click and press.
Danny Knowles: I get what you mean on that first part, but I would definitely have read where it's like, "Do you want to be quick, private?"
Peter McCormack: So, another lesson this, don't ever base anything on what I would do, okay; it's the worst thing. Don't make me think, you're trying to design interfaces to get the most people from A to B. If you're only doing it for the 50% of people who read, you're losing the 50% of people who don't read.
Max Hillebrand: Exactly.
Danny Knowles: I would have assumed everyone would have read that.
Peter McCormack: But they don't, I guarantee you, they just don't. And one of the most interesting things you can do, there's a -- it's called usertesting.com, it's this website, and basically if you've got a project that you're doing, you can request, say, 20 users, give them instruction and what they'll do, they'll video themselves using the website and talk through what they're thinking as they do it. And the amount of things that go wrong that people think that you're like, "What the fuck? How did you think that?"
Max Hillebrand: It's the most hilarious, yeah.
Peter McCormack: Yeah, and it's brilliant, but it's so useful. But you cannot base it on what you think, and you have to assume the worst person, the person that points, clicks and doesn't think. And so that's why when I use it, I know I should read the instructions, but I point and click to try and make the point to people in Bitcoin, I'm not just a fucking moron, I'm trying to help people understand that there are certain types of users out there.
Max Hillebrand: Yeah, definitely. I mean, with Wasabi 1.0, I've watched so many users as they were first-time experiencing the wallet, many of them not only Bitcoin, so that was the first Bitcoin exposure they ever had; and 100% of them did not know what to do, or at least did not succeed in doing what the wallet was enabling them to do, because you need to understand what a UTXO is and what a coin is, and that's, what, 5% of all bitcoiners know that?
Peter McCormack: Less.
Max Hillebrand: So, it's like as you say, if you insist in the UX on reading, then half of the users cannot read. And if you insist in the UX on coins, for example, then all of a sudden the percentage of people who can actually use your wallet properly is negligible.
Peter McCormack: A commercial interest for you guys is you make money on every CoinJoin. So, you want to make it as easy as possible for every person to sign up and get there and use a CoinJoin.
Max Hillebrand: Exactly.
Peter McCormack: So, you're commercially incentivised to make this work as best possible, and that's why UX is so important. Yeah, you can put it up.
Danny Knowles: So, Max, do you want to --
Peter McCormack: Well, no, let me -- most people wouldn't have the pleasure of having Max Hillebrand in there with them.
Danny Knowles: I was going to say, say what's happened so far.
Peter McCormack: But I don't want him to tell me what's happened so far, because I want to go through my experience of, "Oh, okay, wow!" then you can correct me. I've got 0.01 BTC in my wallet, okay. Right, how do I -- because in my head, I'm going, "How do I CoinJoin this now?" Well, I'm waiting for CoinJoin. What's that down the bottom?
Max Hillebrand: Voila, you're CoinJoining.
Peter McCormack: Well, what's it CoinJoining?
Max Hillebrand: Your money.
Peter McCormack: But I didn't ask it to CoinJoining my money.
Max Hillebrand: By default, if you create a new wallet, we turn CoinJoin on automatically, because we want to provide a wallet experience that just works by default, and most users don't know what a CoinJoin is, or why it's even useful, and so we take that decision for them.
Peter McCormack: And, how much am I paying you?
Max Hillebrand: In this case, I believe nothing to the coordinator specifically, because you have less than 1 million sats, or you have exactly 1 million sats. It might be that, if it's exactly 0.01, you still pay; probably not. So, you don't pay the coordinator, which is my company, basically, but you do pay mining fees, like any other Bitcoin transaction.
Peter McCormack: Cheers, by the way.
Max Hillebrand: Cheers, thanks for the invite.
Peter McCormack: Thanks for coming. Okay, so say I put 1 Bitcoin into this wallet, what would I have paid?
Max Hillebrand: So, that's 0.3% to the coordinator, which in 1 Bitcoin, that's like, 300,000 sats.
Peter McCormack: Do you not think you should ask me before you auto CoinJoin and take some of my Bitcoin?
Max Hillebrand: Well, we did tell you, but you skipped it, because you're too lazy to read!
Peter McCormack: Okay, because in this case, my keys, not my Bitcoin.
Max Hillebrand: No, your keys, your Bitcoin, it's just that you have a very smart robot, a block-space accountant, who's purchasing block space on your behalf.
Peter McCormack: But I didn't choose to do that.
Max Hillebrand: You did download the wallet, and you did, in that sense, choose a wallet that aims to be privacy by default.
Peter McCormack: Of course, but at no point did I go through the process of agreeing to pay a fee to use it. I didn't pay to download the wallet, I didn't pay a store fee when I signed up, I didn't click a thing that said, "Pay". By the way, don't get me wrong, I'm being an arsehole here --
Max Hillebrand: Sure, always!
Peter McCormack: -- for principle, because the principle of it is not so much that I disagree; I think auto CoinJoin is great. The last time I used Wasabi, I was like, "I've got no fucking idea what's going on here, I don't know what all this shit means". The fact that you basically auto do it is amazing. Putting my designer hat on, what I think you could do is, you know those screens that you take people through, I think if that's designed like an onboarding where I have to make choices, so I literally have to make choice. So, "Would you like auto CoinJoining turned on?" I'd be like, "Yeah, I do". Then I've agreed to the fee, and I've also realised you're doing auto CoinJoining.
At this moment now, somebody who knows a bit about CoinJoining, I've come in, bear in mind I'm not talking about my experience like I'm Matt Odell, I'm talking about my experience like I'm an absolute fucking moron, because I want you to get as many morons using this as possible, so more morons CoinJoin and you make more money. But I come into this and I've been told with Wasabi I can CoinJoin, I don't know where I do it, I've got a thing saying, "CoinJoining might be uneconomical. Receive more funds --" I don't know what all this shit is, I just don't know what's going on.
Max Hillebrand: So, there's multiple things going on here. For one, the transaction that you sent is still unconfirmed.
Peter McCormack: How do I know that?
Max Hillebrand: Because in the transaction history is a little clock item, right, on the left. Exactly. That means unconfirmed.
Peter McCormack: "Pending".
Max Hillebrand: Exactly. So, this means that you still actually have to wait until you get that confirmation before you can start CoinJoining.
Peter McCormack: Do you know what I would do? I would here, after the number put, "Unconfirmed" in writing, because then if I've got lots of transactions, I know the one which is unconfirmed.
Max Hillebrand: We fix that for you, because if you have some confirmed transactions and some unconfirmed transactions, there's kind of a line separator and the unconfirmed ones are on top. So, you should see a difference. It's just that right now, you only have one transaction.
Peter McCormack: But most of the time, I might only have one coming in.
Max Hillebrand: No, just for the first one. Because, in the future, there's going to be a second line item here.
Peter McCormack: Okay, I'm being picky, but okay. Labels, "Peter". Actually, now I see that, I understand the benefits of labels.
Max Hillebrand: It's super-important. Metadata is crucially important, because again, we have here a very sophisticated robot doing decisions for you, but he needs to know information about you. And especially that critical metadata of who knows that these coins belong to you.
Peter McCormack: I like that one in the future that says, "Danny lost the bet"! "Ben Arc lost the bet"! Okay, so that's cool. So, why is it waiting to CoinJoin?
Max Hillebrand: Because you still have unconfirmed coins; that's the biggest issue here basically. But as you see -- by the way, it's kind of jumping here between two states. I think that's a bug.
Peter McCormack: I always find your bugs.
Max Hillebrand: Perfect! But you see here, there's a play and a pause button basically, and you could hit the pause button and now it stops CoinJoining, right, and once you press play, it continues.
Peter McCormack: Okay. Do you know what I would do? Once you get to that screen, have you ever seen those overlays that are semi-transparent, it looks like it has a drawn arrow and it says what that thing is, and then you click through it? I would have one of those, because what would be super-cool is you can say, "Clock: this is because your transfer is unconfirmed, we're waiting for confirmation. Here is your label. We're auto CoinJoining for you, but at the moment, we're waiting". What are we waiting for, by the way?
Max Hillebrand: Confirmation.
Peter McCormack: Okay, so as soon as it's confirmed, we will auto CoinJoin. I just like those things, because I design for the most basic idiot.
Max Hillebrand: But just earlier, you said you don't like to read, and we did have, in those early dialogues, we had some of the information you're talking about. But you're saying to make it more interactive?
Peter McCormack: Well, the difference is, one of those things on the initial screen, they look like sales pitches, they look like the intro pamphlet. When you get a UX thing which is the arrows, you're like, "Oh, you're telling me how this interface works", and it's a different logic to the human of doing it. That's what I would do. But on that intro screen, if you want people to do things, you make them answer questions, because then they have to read it to know what question they're answering.
Max Hillebrand: Exactly, yeah.
Peter McCormack: So, "Do you want auto CoinJoin?" I mean, I think everyone should.
Max Hillebrand: But do you even know what a CoinJoin is?
Peter McCormack: I have fucking no idea. I assume you get one coin --
Max Hillebrand: Do you know what problem it solves?
Peter McCormack: Yeah, well I do, it solves fungibility, right, it allows me to terrorise! But I assume what it does, it gets a coin and it joins it to another coin, hence a CoinJoin!
Max Hillebrand: Basically, you and a bunch of other users joining their coins, it's a big party.
Peter McCormack: Let's do it, let's talk it through. But firstly, talk about why this is important, jokes aside.
Max Hillebrand: So, Bitcoin is a genius, genius system. It allows merchants, entrepreneurs, to define for themselves and to verify and to enforce the rules of their monetary game, basically. Merchants define what coins are valid, and that's incredible. This means that you can even verify for yourself what's the total money supply, you know, 21 million Bitcoin, it's a huge meme, of course, and that's awesome. But this only works if every user verifies every transaction of every other user. So, you need to tell a lot of people about transactions that you're making, and financial transactions are sensitive and to a large extent, need-to-know.
This means we need to find a pretty cool way, or we have to be a bit smart about, how do we make these public transactions in a way that it's not as easy to get sensitive, personal information out of them. So, that's kind of the why. We have this beautifully verifiable system, but now we have to use it in a private way, without compromising on any of the verification features, and that's where CoinJoins come in.
Peter McCormack: So, where does the technology -- who came up with CoinJoin; was it Greg Maxwell?
Max Hillebrand: Even in the whitepaper, Satoshi has a half sentence, or a sentence that each user -- all of the inputs in the transaction belong to one user basically, and that's, I guess, the very root cause of CoinJoin. He assumes that all the inputs belong to one user, and he does that in the whitepaper already, which is crazy. A couple of years later, that is known as "the common input ownership heuristic". Then, in 2010-ish, I think there were a couple of further thoughts and research on how to make transactions where not all of the inputs belong to one user.
Peter McCormack: I'm just going to do something here, because we might have people listening who are going, "What the hell are you on about, inputs?" So, shall I have a go?
Max Hillebrand: Sure!
Peter McCormack: God, this is a test. So, if you want to send someone some Bitcoin, say I want to send over to Danny, 0.5 Bitcoin. In my wallet that I'm sending from, I have a load of UTXOs. UTXOs represent different amounts; it's like money, right? I could have a 0.2 Bitcoin, I could have a 0.1385 Bitcoin. And so, to send Danny my 0.5 Bitcoin, it takes a number of those UTXOs and creates the outputs.
Max Hillebrand: Yeah.
Peter McCormack: No, inputs? They create the inputs of which I get an output.
Max Hillebrand: It's kind of both. So, you're saying the unspent transaction output gets referenced on the input.
Peter McCormack: On the input, yeah.
Max Hillebrand: Exactly.
Peter McCormack: And, what it will do, it will take a number of them to make that total amount, and then if I haven't got any exact amount, it will take an additional one and it will overspend and it will send that back to me as change.
Max Hillebrand: Exactly.
Peter McCormack: There you go. Fucking hell!
Max Hillebrand: There, you see! So, the inputs are the coins that are being spent, and the outputs are the coins that are being received, so to say. And whenever you receive a coin on the output side, then you can spend it later on the input side of a new transaction, of the second transaction.
Peter McCormack: Okay.
Max Hillebrand: So, the idea of a CoinJoin then, and Gregory Maxwell formulised that, I believe it was 2013, in a legendary Bitcoin Forum post, where he explained a way, or the concept, that multiple users can get together and collaboratively build a single Bitcoin transaction, where there's hundreds of inputs. Some of them belong to you, some belong to me, some belong to the others; and then there are a bunch of outputs, again belonging to everyone.
But the really cool thing is, once we're coordinating this new transaction, as long as it's unsigned, there are no Bitcoin being moved, because Bitcoin can only be moved if you have a valid transaction with a valid signature of all the inputs. So, even if we have hundreds of inputs here from many different users, as long as even one of them does not sign, there's a signature missing on the input side, so the transaction doesn't go through.
Peter McCormack: So, what actually happens then, how do I still have essentially a mixed Bitcoin, if you're not signing it and sending it?
Max Hillebrand: Well, then nothing changed. In that sense, it's atomic. So, you're trying to make a CoinJoin, all right. You register your inputs, you register your outputs, but then you don't sign. Well, on the Bitcoin blockchain, this transaction is not there, because it's not signed, it's not broadcast, the miner didn't put it in a block. So, for anyone looking at the Bitcoin blockchain, your coins never moved.
Peter McCormack: Right, hold on a second, we're going to go back a second so I understand this. I know, when I send Danny some Bitcoin, I sign the transaction and that's now Danny's, right?
Max Hillebrand: Well, it has to be confirmed on the blockchain, that's crucial.
Peter McCormack: Yeah, of course, has to be confirmed, okay. So, when I send mine into this wallet, it will be signed and confirmed on the blockchain for it to exist within my Wasabi wallet. Then you CoinJoin. How do my UTXOs change?
Max Hillebrand: Well, some UTXOs get destroyed, some coins are being spent on the input side. And then you get, on the output side, a bunch of new coins, outputs, that you can spend in the future.
Peter McCormack: After the CoinJoin?
Max Hillebrand: Well, inside the CoinJoin. It's like a CoinJoin is just a transaction, a bunch of inputs, bunch of outputs.
Peter McCormack: So therefore, something does get signed?
Max Hillebrand: So, you register all your inputs, then you register all your outputs, and you wait until everyone else has done that as well, and then there's the third phase, the signing phase. And here, all the participants of that CoinJoin look at the final transaction, with all the inputs and all the outputs, they check if everything is all right, like you still want to make sure that you've still got 0.01 Bitcoin in this CoinJoin, for example, and not that someone's stealing money from you; so, you verify that. Once you're happy, you sign for your inputs this specific transaction.
But this specific transaction, even when you've signed it, it's still not valid, because there are other coins, other inputs, that don't have the signature yet. So, even if you would broadcast this transaction onto the blockchain, the miners or other full nodes would be like, "No, there's ten inputs here, only five of them are signed, the others are not signed, that's not a valid transaction", so it will never get onto the blockchain.
Peter McCormack: Okay, but what I don't understand is, how those UTXOs have -- what's happened here to change my UTXOs. Do you understand where I'm getting lost here, Danny?
Danny Knowles: Yeah, I understand.
Peter McCormack: Do you understand?
Danny Knowles: Not technically, no.
Peter McCormack: Because in my head, to CoinJoin, my assumption was it was like a mixer. I put a bunch of UTXOs in, you put a bunch in, Danny does, it all gets mixed up, and then the transaction gets signed, and then I get back these new UTXOs and nobody knows what happened. But hold on, that wouldn't work, because the blockchain would follow it?
Max Hillebrand: Well, there's a couple of nuances here. So, you said you put money into the mixer and later you get it out. So, that's how custodial mixers work. You make a transaction to someone else's private keys, and that first transaction, deposit transaction, goes onto the blockchain. You spend your input alone, and you generate an output into the mixer basically. Then, a week later, you make a second transaction where you spend the coin from the mixer onto your own personal addresses, for example. But here, someone else has full control over your money. Between that deposit transaction and the withdrawal transaction, the keys are with them and they can do whatever they want.
CoinJoin is fundamentally different. In CoinJoin, the money doesn't move unless everyone agrees; it's kind of atomic. If one person disagrees, if one person doesn’t sign, nothing changes.
Peter McCormack: But for the CoinJoin to work, do we need everyone to sign?
Max Hillebrand: Yes.
Peter McCormack: Oh.
Danny Knowles: You need everyone's cooperation.
Max Hillebrand: Yeah.
Peter McCormack: No, I get that. So, I thought you were saying the CoinJoin happens without everyone signing?
Max Hillebrand: No, you need to have, for all of the inputs that are present, you need to have a valid signature.
Peter McCormack: Yeah, but when you were saying, "If we don't have a valid signature". I thought you were saying the CoinJoin happens because…?
Max Hillebrand: Oh, no, okay, then maybe I misspoke. Then it cannot happen if there's no signature.
Peter McCormack: Okay, so let me go back. I'm going to imagine those fucks, Chainalysis, are following me, right? I've got a known wallet of my own, they know it. If I opened a Wasabi wallet and I send to that from that wallet, is that a mistake? So, say I've got my wallet here that I've been using for years. Chainalysis know exactly who I am, because I've just not cared about my privacy. I open up a Wasabi wallet and I'm like, "All right, I want to get my shit together". So, I send some Bitcoin from that known wallet to a Wasabi wallet. Am I suddenly being followed and that Wasabi wallet, they know who I am?
Max Hillebrand: Well, Chainalysis will presumably follow you just like they did in the past. So, they will see that out of your coin cluster, you made a payment that went to a new address. At that point, they don't know who owns that address or what this is. This might be a payment that you make to someone else.
Peter McCormack: But this one's a potential Pete or a payment?
Max Hillebrand: No, this transaction from your Ledger to your Wasabi, for example, after you make that first transaction, they still don't really know what happened here.
Peter McCormack: But I'm trying to think in all the scenarios, they're trying to track people down. They might go, every transaction I send -- like for example, do they know it's a Wasabi wallet?
Max Hillebrand: Not after the first transaction. At your stage where we're at right now, I don't think they know that this is a Wasabi address now. But at a later point, as soon as you CoinJoin, you're spending the coin that you received from Ledger into Wasabi in a CoinJoin with hundreds of other inputs.
Peter McCormack: So, if I was them, I would go, "Right, every time he hops to a new address and then CoinJoins, that's a potential Pete going to CoinJoin".
Max Hillebrand: Exactly, yes.
Peter McCormack: So, should I hop before CoinJoining?
Max Hillebrand: I guess you could. It's of course expensive, because you have to make another transaction that costs you time and money, obviously, and others have to verify it. And arguably, it doesn't help you much. I mean, arguably, it's not a problem at all. I personally never had any issues with CoinJoining.
Peter McCormack: And I guess it's like, once I'm in Wasabi and I've CoinJoined, who gives a fuck, because they don't know where it's going after?
Max Hillebrand: Exactly, but they do know that you, or someone who you paid, is interested in Wasabi.
Peter McCormack: So, I've got my Wasabi wallet here, my address. Once I've CoinJoined, is that sat within a separate wallet within my Wasabi wallet?
Max Hillebrand: No, it sends into the same wallet multiple new coins.
Peter McCormack: Okay, but somebody tracking that, won't they just know?
Max Hillebrand: Well that's the beautiful thing. So, if you're all alone in your transaction, let's say you have one input and two outputs, then it's pretty easy to see, "Okay, someone just made a payment. One of those outputs went to the merchant, the other is to change". That's pretty easy to figure out. However, now imagine you have a transaction with 300 inputs and 300 outputs, and you don't know how many people are making this transaction, you don't know if they're making payments. You don't know if one user just has one coin registered, or if that user has ten coins registered on the input side, you don't know, and that makes it just a lot more complex to figure out.
Peter McCormack: And then, from that new CoinJoin address where I've done all my CoinJoining, if I went to a website and wanted to buy some stuff with Bitcoin and it was a place where I had to put my address in, I'm a dumbass because I've suddenly exposed myself that that entire thing's me, right, potentially?
Max Hillebrand: Well yes, of course, but what you did not expose is where did you get that money and how much money did you receive in the past, because maybe you're Satoshi and you have your Genesis block coins still around and you don't want that website to know that Peter McCormack is actually Satoshi. Then, if you were to CoinJoin with those early coins, then you get new coins back basically, and those are no longer as easily tied to the Genesis.
Peter McCormack: So, the new coins all -- because you can trace coins, the journey they go on, right?
Max Hillebrand: Well, kind of. But I'm saying kind of, because in many cases you're absolutely right, especially if there's one user doing the transaction, then it's pretty obvious. But as soon as we have hundreds of inputs and outputs, it becomes super-super-difficult to do it. Yes, in some cases you can, but definitely not in all.
Peter McCormack: Is it not like a Sudoku puzzle?
Max Hillebrand: Yeah, it is.
Peter McCormack: So, when you're doing a CoinJoin, you're waiting to CoinJoin, are you always waiting for a certain number of people?
Max Hillebrand: Yes, and we're basically waiting for at least, right now as we've configured it, at least 150 inputs being registered, and I think a maximum of something like 400 is where we're targeting it. And usually, that's going to happen maybe once every 30 minutes, sometimes once every 10 minutes.
Peter McCormack: Right, decent.
Max Hillebrand: It depends on the number of users online at this very moment.
Peter McCormack: And what are those fucks at Chainalysis trying to do; how are they trying to break down what you're doing? They must be up to something; are they throwing transactions in?
Max Hillebrand: Yeah, that's a good question. I don't think that there were any public statements that they do. I'm not sure they would tell us if they do!
Peter McCormack: They wouldn't tell you. Aren't they valued at like $9 billion now, or something ridiculous? Fucks.
Max Hillebrand: Yeah. Sure, so the idea of a CoinJoin is that you get together with a bunch of other users; that when there are a bunch of other users, it's very difficult to follow input to output. But then, that means that if one entity fakes to be 99 different users, and you're the 100th user --
Peter McCormack: They're spending a lot of money to do that.
Max Hillebrand: That's exactly it. You can do that, but it's really, really expensive to do that, especially when there is a large liquidity at that coordinator.
Peter McCormack: I'm assuming that they've probably got some probabilistic tools they're using to try and map activity, but it gets difficult.
Max Hillebrand: It does get difficult, and I'm thinking for Wasabi 1.0, they could get a lot of interesting data to fingerprint. For example, in Wasabi 1.0, there was still this change output, where one of those outputs was very easily linked to some of the inputs, and basically anyone could do that. Stuff like this, they probably made easy to see in their tools. But for Wasabi 2.0, we fundamentally changed that, so now there is no more change output on the output side, but all of the outputs that you get should be private and very difficult to link to your inputs.
So, we made it a lot more difficult for Chainalysis and others to try to follow this, and I don't think they have anything as of now. I would be very surprised, just because it's cat-and-mouse game, and we just made the first move. But we'll see how it goes. With all of these privacy things, if you have an adversary that is super-rich and has a lot of time and is very dedicated to get you, he can probably get you. And it's also a question about for what time window do you want to stay private, because it's unreasonable to assume that you can stay private for the next 1,000 years.
Peter McCormack: Yeah, I probably won't live for the next 1,000 years as well!
Max Hillebrand: Exactly, but for the next couple of months, yeah, we can probably deter and adversary to not find you in that short time.
Peter McCormack: But once you have CoinJoin, are there certain kinds of transactions you should avoid doing? Are there certain things you could do after you've CoinJoined that re-expose who you are?
Max Hillebrand: So, yes, there is. One important one is, you get a couple of those mixed high-anonymity set outputs, and then if you spent them together with an unmixed output, let's say one that you got from your mum or something, then an outside observer sees all of these CoinJoined outputs being spent, and then one non-CoinJoined output being spent, and then for example, your mum will know that all of these CoinJoined outputs that you're consolidating here belong to you as well. She knows that this new coin that she sent you is yours, and now you're spending the coin that she sent to you together with a bunch of private coins.
Peter McCormack: How would you do that though? If you're auto CoinJoining, that should never happen, right?
Max Hillebrand: Exactly.
Peter McCormack: So basically, that's another reason to auto CoinJoin, because if you switch it on and off, you can end up making that mistake of mixing together?
Max Hillebrand: Kind of, yes and no. So, it's alright to pass the CoinJoin mechanism for sure, it's just the question of, are you making outgoing payments at that time?
Danny Knowles: In the new Wasabi, when you send a payment, do you still select the UTXOs; and do they still tell you the anonymity set?
Max Hillebrand: Not by default, no. By default, the wallet checks, what's the payment amount, how much do you want to send? And then, do you have enough private coins in your wallet to make that payment? If yes, we just make the payment, we don't tell you about it, because you don't care, everything's all right. But if your payment amount is larger than the private wallet balance that you have, then yes, we show you -- well, we no longer show you the exact coins that you could spend, or how much they're worth and what's the anonymity set of them, because that again requires so much understanding of Bitcoin.
So, we've simplified this a lot by just showing you a list of all those labels, like the label, "Peter", let's say like, "Peter, Danny and mum", for example. Now, instead of seeing a list of coins, you see a list of those labels. And the question is, which of these people are you comfortable with telling about this new transaction, basically. Then you can choose, "Okay, I'm happy to use the coin that Danny sent me, that's all right".
Peter McCormack: I'm definitely going to be a Wasabi user now.
Max Hillebrand: That's lovely.
Peter McCormack: That's super-cool and super-easy what you've done. I still think there's things, like, I just think for you guys, you can do. But I will have to create a new address and sweep that one after this, as part of us doing it. I'm wondering, okay, so this is where it might not work. So, I have a cold storage multisig wallet. Should I CoinJoin before I send to that?
Max Hillebrand: I would say so, yeah, because let's say one of the sponsors pays you. Do you want to tell those sponsors how long you're holding on to that money? Would you be comfortable that they know that in 20 years, "Hey, he's still holding onto that, he never spent it".
Peter McCormack: If I'm still alive in 20 years, I won't give a fuck!
Max Hillebrand: But you know, they might learn a lot of information by how long is he not spending it, or how long is he holding it, and then to which address is he spending it, right. So, for this, it's basically as soon as you receive money, do a CoinJoin, and all of a sudden the person who gave it to you has no idea how long you're holding onto it.
Peter McCormack: Okay, but once I've done that CoinJoin, do I lose some of my privacy by being in a multisig?
Max Hillebrand: Yes, because the current Bitcoin multisig is exposed on the blockchain itself. You have three public keys and two signatures, for example, on the actual blockchain. And then people know that at least you're not a singlesig user. And, well, you said on the podcast you were multisig, so if I see a multisig coin on the blockchain, it might be yours.
Peter McCormack: It probably makes me more safe, because it's more of a pain to rob me.
Max Hillebrand: Well, definitely, so the safety is absolutely improved, but the privacy is worse, because there is a smaller crowd to hide it. The number of single public key coins is way larger than the number of multisig coins, so your crowd, your anonymity set is much larger. But that can get fixed with Taproot. Taproot makes multi signatures look like single signatures, and all of a sudden you can send into a multisig and nobody will know about it at all.
Peter McCormack: Have you guys used Taproot at all? We hear a lot of about, "Taproot's amazing, it's going to bring all this stuff", and then I don't know if people are using it yet.
Max Hillebrand: Yeah. I opened an issue like three years ago with, "Hey, let's do Taproot" and so far it got completely ignored, because there were other more important things to do. For us, fixing the UX, fixing the CoinJoin protocol and making it the default was by far the number one priority. Anything else comes way as a second.
Peter McCormack: I think auto CoinJoin is an absolute game-changer.
Max Hillebrand: I think it is.
Peter McCormack: I think you knew that was going to be a good thing for me, because last time -- I think that's an absolute game-changer.
Max Hillebrand: You know, the funny thing is, once we did that show with you and you walked through Wasabi 1.0 and it was just absolutely horrible and embarrassing, we had our internal codename for this was "the Peter McCormack edition"!
Peter McCormack: I know about this, yeah!
Max Hillebrand: Because, if we can build a wallet that is private, even when a moron like Peter is using it, you know!
Peter McCormack: Oi, come on, man, I gave you some whiskey!
Max Hillebrand: Then we've really succeeded, you know!
Peter McCormack: No, do it, I've heard of other people, "It's the McCormack test. Is it McCormack-proof?" No, I am more intelligent than I make out, but sometimes I just try and show to people to make it easy. I want you to have more people to use it. So, this is a desktop wallet. Is that considered a hot wallet?
Max Hillebrand: Yes.
Peter McCormack: So, would it be smart to go in, CoinJoin, and send it to another one?
Max Hillebrand: Yes.
Peter McCormack: So, if I had a Ledger and I had two wallets on that, and that was old wallet and new wallet, and for my old wallet, I sent a CoinJoin to my new wallet, all under the same xPub, have I completely wasted my money?
Max Hillebrand: You're using Ledger Live app, right?
Peter McCormack: Yes.
Max Hillebrand: I'm not 100% sure, but I believe that they do not send your xPub.
Peter McCormack: They don't send your xPub?
Max Hillebrand: No, they send a collection of addresses, let's say 100 of them.
Peter McCormack: Yeah, they do, yeah.
Max Hillebrand: And, for each account, so to say, they send that separately, I think; I'm not 100% sure. So, it would not be trivial. However, for example, if you don't use a VPN or you don't use Tor, they know that the same IP address has sent these two different batches of addresses, so probably it's the same guy.
Peter McCormack: So, I'm the kind of person who would just get two different devices for peace of mind. I would have my old device and my new device, and I would send to CoinJoin, CoinJoin it, and send it to the new device.
Danny Knowles: The terrorist device!
Peter McCormack: The terrorist, yeah!
Max Hillebrand: Or, you just connect your Ledger to Wasabi. You can do that, right. Wasabi supports basically all hardware wallets. The cool thing is, Wasabi never sends any xPub or address to anyone else, and we use Tor by default.
Peter McCormack: Yeah, but isn't there an IP address?
Max Hillebrand: No, we use Tor by default for everything. Your IP address is never revealed.
Peter McCormack: So, how do I connect it in here?
Max Hillebrand: You just plug it in. At the bottom left, you see, "Add wallet", then --
Peter McCormack: "Connect to hardware wallet".
Max Hillebrand: Exactly, by the way, I think your screen's not updating.
Peter McCormack: Is that, connect hardware wallet to send in?
Max Hillebrand: No, that's to get your xPub from your hardware wallet into the Wasabi client, so then Wasabi can generate all the addresses of your hardware wallet. And then, Wasabi checks the blockchain for coins on your hardware wallet, and then it displays them here to you.
Peter McCormack: No, what I'm saying is, am I connecting my wallet to send to CoinJoin, or to receive?
Max Hillebrand: You connect your wallet to receive and send, both. It's like Ledger Live basically.
Peter McCormack: Yeah, but what I'm trying to say to you is, if I want to send from one wallet, my old one to my new one, I'm not going to connect them both?
Max Hillebrand: You would have to at one point connect both of them, yes, because you need both of the xPubs basically.
Peter McCormack: At the same time?
Max Hillebrand: No, not at the same time, it doesn't have to be at the same time.
Peter McCormack: Yeah, that's the point I'm trying to make. So, I connect the old one, send them into CoinJoin, connect my new one, receive them back?
Max Hillebrand: Exactly.
Peter McCormack: Yeah, fine.
Max Hillebrand: There's lots of ways that we can make this better. For example, one would be to -- so your new Ledger has an address, so what we can do, we can, we're not doing it yet, but it would be call, is we can just take an address from your new hardware wallet and put it directly on the output side of a CoinJoin. So, just when you make a CoinJoin, automatically some money gets sent to your hardware wallet, and you don't have to do a separate single-user transaction later; so, that's one important thing.
We're even working on CoinJoining on the hardware wallet directly. So, you have coins on your hardware wallet, and you just plug it into your computer and CoinJoin, and the CoinJoin transaction itself is signed on the actual hardware wallet. So, this way, you don't have to send back and forth at all anymore. It's just really difficult to build all this stuff, so it's going to take some time.
Peter McCormack: So, I can imagine there are certain people around the world looking at you as a company -- I see you as freedom fighters. But I can imagine there's some people around the world like, "Who the fuck are these guys and why are they helping terrorists and drug dealers?" Whereas, you're really not, you're helping the common man protect himself from the massive encroachment of the state into everything we do, which by the way is getting obscenely ridiculous.
Who was it was had? We had our meetup the other day, and the guy running the meetup, he went to the bank, NatWest bank, he put it up on Twitter, and they were basically saying, "If you want to spend certain amounts of money", what was it, like up to £2,000, "we might not let you have that money".
Max Hillebrand: Withdrawing cash, you mean?
Peter McCormack: Yeah, it's like, "What the fuck?" I have it now. Almost every invoice I get paid from my business, I'm having to send proof of contracts. It's getting ridiculous.
Max Hillebrand: Yeah, it's super-inefficient. And it's such a massive waste, the surveillance system, and it decreases the human potential and the human flourishing. It's really serious, so we need to do something about it. There's reasons why all of these existing financial regulations are there, because the existing financial system is fully based on credit and debt. If you borrow someone else money, you want to know who that person is, obviously, because you want to get it back in the future, the money.
Peter McCormack: But do you get letters from agencies or government agencies, or people that are like, "Hey, I'm not so sure about what you're doing over there, brother?"
Max Hillebrand: Sure, but what's the answer to that?
Peter McCormack: Go fuck yourself! That's what you do, tell them to go fuck themselves!
Max Hillebrand: Well partially, I guess, yeah! But one of the cool things is we designed our service in a way that the user reveals the absolute minimum amount of information to us. We don't know your IP address, we don't know your name, we don't know which coins you have, we don't know your xPub; we know very little about you.
Peter McCormack: So, you're not money transmitters?
Max Hillebrand: No, we're a chatroom, we're a communications provider. Users come to us to send messages back and forth, and we manage the access right into this chatroom, basically. And you can only get into our chatroom if you provide an input onto the CoinJoin.
Peter McCormack: A chatroom!
Max Hillebrand: It's literally a chatroom, really; we're sending messages back and forth.
Peter McCormack: Yeah, I mean I like it.
Max Hillebrand: We don't touch your money, we don't tell you what to do with your money; we're a chatroom.
Peter McCormack: I mean, I think what you're doing is amazing. I think it's very cool that you've made it a lot easier. You've done that thing where you've now bridged the gap for usability for morons like me to use it, and that's brilliant, I love it.
Max Hillebrand: That's the other thing. If you're a criminal, you're probably under a lot of risk, and you probably have a lot of money, because I guess you just stole it, so you have a very high incentive to protect your privacy, and you're willing to spend a lot of money on that; a lot of money, a lot of time. But the Average Joe doesn't. If you're just the Average Joe, why would you spend hundreds of thousands of dollars to protect your privacy, it doesn't make sense?
But still, you want to have the privacy very much, you just don't want to have it that expensive. Criminals don't care if it's expensive and complicated, honest people do, and that's the vision of Wasabi 2.0. I don't want criminals using the software, obviously. I mean, I can't do anything to prevent them, to a large extent, but I want real people, honest people to use this, and those that don't even have that much available capital basically to protect themselves; it should be easy, it should be for everyone, and that's the vision of Wasabi 2.0.
I'm thinking that the percentage of actual criminals that are now using Wasabi 2.0 is going to plummet like crazy, because the Average Joe is going to use Wasabi 2.0, because why not? It's easy and it's cheap and it just works. So, that means much more honest users are going to join us, and I guess criminals probably are going to decrease as well; I don't know. But in any case, the percentage is going to be just mostly good people.
Danny Knowles: How much does all the stuff that's happened with Tornado Cash over the last week or so worry you?
Max Hillebrand: Yeah, it worries me a lot, it's crazy. There is a bunch of incumbent regulation on money service providers and banks, and these rules were designed for the old system, and now we have a complete new system and the rules don't apply anymore. If you would consistently apply those rules, you would be breaking every single human right that there is.
Peter McCormack: But governments don't care about breaking human rights.
Max Hillebrand: Unfortunately, yeah, that's their definition.
Peter McCormack: So for me, the risk factor here is you guys, as individuals, and the codebase. Is there anything they can do, like can the codebase be out there decentralised and no one can touch it?
Max Hillebrand: So, two-and-a-half years ago, when we started the Wasabi Research Club, we asked exactly that question, "Do we need to have a central coordinator, a central provider of the service; or, wouldn't it be better if it's decentralised?"
Peter McCormack: A bit like Bitcoin Core?
Max Hillebrand: Exactly. The thing is, if you're doing decentralised stuff, it's bloody difficult. There's a reason why it took us 40 years to discover Bitcoin after the first Ecash system that we had, because it's difficult to do things decentralised. We figured out the same thing. There are decentralised CoinJoin protocols; they're super-slow, super-complex, super-expensive, and they just don't work as well. Unfortunately, the CoinJoin model works really well if you have just a central chatroom; it's much simpler.
Peter McCormack: What is the risk there though? Tell me if you can't answer this, but is it an obvious place it's hosted, and can the hosting provider be targeted and say, "You shouldn't host that software anymore?"
Max Hillebrand: Sure, the person who runs the computer can pull out the cable, yes.
Peter McCormack: But can you obfuscate that by hosting it on the Tor Network?
Max Hillebrand: We do host our server behind a Tor on the inside, but also on Clearnet. We're not trying to hide at all. I don't think that work in the long run. So, no, we're pretty public, because what we're doing is legal, absolutely, and we've heard that from numerous law agencies, numerous lawyers, numerous FinCEN equivalents in different jurisdictions. We're not a money service provider, we don't touch your money; we're a chat service.
Peter McCormack: Look, I know that and I understand all of that. What I'm saying is, I know what the state will think you enable. We used to have that guy who sponsored the podcast, that wallet DropBit. It turns out years ago, he was running a mixer. He got arrested, I don't even know the status of his thing, but he's facing --
Danny Knowles: He's facing a long time in prison.
Peter McCormack: Yeah, a long time in prison.
Max Hillebrand: Definitely.
Peter McCormack: And, do you know what he was doing? He was allowing people to hide their transactions, because they wanted to buy things on dark markets and protect themselves, which is an absolute right, people should have that privacy. I got into Bitcoin buying something on the dark market for my mother to treat her cancer. I would love that hidden; absolutely people deserve that right. But he's accused of running a mixer. He's now potentially facing more than a decade in jail.
Danny Knowles: The Tornado Cash CEO has gone through the same thing. It's reported today that he's been arrested.
Peter McCormack: He's been arrested?
Max Hillebrand: Yes, allegedly.
Peter McCormack: What's the difference between you and them?
Max Hillebrand: The difference between the first example is that the first example is custodial. There was that custodial mixer; you sent money to someone else. That's a bank, that's a money warehouse. And even though the regulations that we currently have are old and antique, they still apply in that case and there's a reason why they apply, because the guy can run away with your money, obviously. We can't do that, we're a non-custodial thing.
Peter McCormack: But that's not why they were pissed at him.
Max Hillebrand: Exactly, but that's where there's an incredibly important legal and ethical difference here. It's very crucial to state that there is a difference between a bank and a chat service, a huge difference. But on the other hand, Tornado Cash is one example. That's a somewhat decentralised protocol, where the server is even run on the Ethereum blockchain. So, this is in a smart contract, so to say, and that got sanctioned, and the developer of that is now apparently arrested.
Peter McCormack: So, what stops you being sanctioned and arrested?
Max Hillebrand: That's a really good question. I'm hoping it is an accurate enforcement of the law, because that's one thing. And then the other thing is that I'm not sure if that changed anything, but we now do start to blacklist certain coins from entering our service, or from using our service, more accurately.
Peter McCormack: What, like FATF ones? Sanctioned addresses.
Max Hillebrand: Sanctioned, and in more general terms, criminals, stealers, murderers, violation of private property rights.
Peter McCormack: How do you recognise which are the addresses that you blacklist?
Max Hillebrand: We work with a surveillance firm, basically, a private investigator, one of those Chainalysis clones.
Peter McCormack: Who I call them thugs!
Max Hillebrand: Likewise!
Peter McCormack: So, okay, that's fine. Has there been any negative reaction to that? I'm not opposed to that. If you're stopping criminals using it so you can provide a service to people who aren't criminals, I think that's great. But I also know how pure and ideological some bitcoiners are. In their view, have some people been like, "You shouldn't be doing that"?
Max Hillebrand: Yeah, definitely. The backlash was huge and understandable. But I think one of the reasons for this is that, Bitcoin is a decentralised monetary protocol, and here, having censorship resistance is just absolutely integral. If you don't have that, the money system breaks down.
Peter McCormack: That's censorship resistance addressed to address you're a service.
Max Hillebrand: Exactly, that's the huge difference.
Peter McCormack: You're a private service. That's like saying a pub should be censorship resistant, and anyone can walk in that place and have a beer. If it's my fucking pub, you can't come in.
Max Hillebrand: Exactly. That's why they have dress codes in restaurants. It's the exact same thing.
Peter McCormack: Yeah, dress codes in restaurants. No Tottenham fans in my football club; fuck them!
Max Hillebrand: Exactly! So, that's my argument. We, as the entrepreneur, have absolutely the ethical right to choose our customers; I would even argue, a somewhat moral responsibility to actively not choose criminals as our customers, because I don't want to make their life easier.
Peter McCormack: But one man's criminal is another man's freedom fighter.
Max Hillebrand: Yeah. The definition of who's criminal and stuff is just super-difficult. I think the free market, to some extent, solves that. Because if, let's say, we would be blacklisting all the peaceful protesters, all the Canadian truckers and all of these, then hopefully customers would get annoyed, and they would call us out publicly and stop using the service and we'd make less money and we'd go bankrupt. I hope that will be the case of happening.
So, I believe that also the merchant has a somewhat moral duty to not work with criminals, and then the customers have somewhat of a moral duty to call out their entrepreneurs when they're making immoral mistakes. Arguably, harassing peaceful individuals is not all right. I just hope that we can experiment with these incredibly difficult questions without relying on central authority and compelled rules. I think this is way too early to make these clear cases now, because we just don't know what's going on.
This is such a cutting-edge, revolutionary technology in principle that we need to stay flexible I think at this moment, and we need to have that free market feedback mechanism of, where should we go? It's tough, it's really difficult, yeah.
Danny Knowles: The one thing, I desperately hope not, but I'm kind of resigned to the fact that most services like this might be blacklisted at some point in the future. Do you think there's a future where that doesn't happen?
Max Hillebrand: Do you mean that users of Wasabi are blacklisted when they deposit money into a bank, for example, or that the coordinator is just blacklisted?
Danny Knowles: Well, I guess that's kind of already happening, isn't it, the first one? But I think maybe using the service --
Peter McCormack: Talk me through that; what's happening?
Max Hillebrand: So basically that was, some users used Wasabi, and then sent the money to, for example, BlockFi, to deposit their money and lend it out at their service. BlockFi did some surveillance and looking where does that money come from, and they see that it's coming from a Wasabi CoinJoin. So they're saying, "Hey, that's way too risky for us, even though we know who you are and everything, we're just going to shut down your account basically, and hopefully they sent you the money back".
That happened numerous times. That was one of the many reasons why we started to curate our customer base, to hopefully reduce this. If there are no illegal coins on the input side of a CoinJoin, then it doesn't really make sense to blacklist all of the users of that CoinJoin.
Peter McCormack: Oh, so it was because there were some on the input side?
Max Hillebrand: Arguably.
Peter McCormack: Arguably?
Max Hillebrand: Yeah.
Danny Knowles: But then it gets into the tricky question of once you've CoinJoined, how many hops is it until you're not that person?
Max Hillebrand: Yeah. And by the way, that depends on the end customer, it does not depend on the chain surveillance software itself. They just tell you, "Hey, this address was an incident and the address that you're looking at now is four hops away from that incident", for example, and then it's up to you if you say, "Okay, that's all right" or, "That's not all right". So this BlockFi, for example, could have made a different decision here, they were not forced by the chain surveillance company in that extent.
Danny Knowles: Oh, interesting.
Peter McCormack: Yeah, something like that, I think they're trying to take the cleanest approach possible, least risky approach possible, at a time being under pressure from the SEC, etc.
Max Hillebrand: Yeah, absolutely.
Peter McCormack: And they're not a sponsor anymore, so I don't even have to defend them for the sake of defending them.
Max Hillebrand: Yeah, but here again, this is a very new and cutting-edge phenomena, all of this. So, I don't blame BlockFi for being uncertain and for erring on the side of caution; I think it absolutely makes sense. I just hope that they get sufficient enough feedback from their customers to then consider changing their position. Let's say Wasabi 2.0 is successful, all peaceful people start using it, and all of a sudden if you, as a business, would start blacklisting blanket statement all Wasabi users, you're going to lose 80% of your customers. Are you still going to do it? Maybe, maybe not.
So, that's where I'm thinking, we just need more time to experiment with this; this is just way too early, and we'll see how it goes in the future and how that back and forth goes. And again here, I think customer feedback is essential, not just the feedback you give for the wallet of how to make it better, but exactly these types of conversations; it's very much needed.
Peter McCormack: What will Wasabi 3.0 do?
Max Hillebrand: Oh, damn! That's a great question. So, I'm pretty convinced that the on-chain privacy part, we've got it figured out, this is basically done. The UX can be slightly improved, but basically it's done as well. So I'm guessing our next step is going to be scaling, reaching more people; so that means, for example, translating the software, that's an obvious one; getting a mobile wallet.
Danny Knowles: No one reads it anyway!
Max Hillebrand: That's so true! A mobile wallet is another huge one obviously. So many people don't have a laptop, so that's massive. Being able to CoinJoin on your hardware wallet directly is another huge one.
Danny Knowles: That would be very cool.
Max Hillebrand: It's coming very soon, by the way.
Peter McCormack: How, is that like partnership with the wallets?
Max Hillebrand: Magic! This specifically, yes.
Peter McCormack: So, it's coming to COLDCARD?
Max Hillebrand: No, COLDCARD doesn't even have its own wallet, so they couldn't do it. I mean, Coinkite, the company behind COLDCARD, doesn't produce a software wallet that you manage with your COLDCARD, they just work with any other wallet. So, as soon as, let's say, Wasabi adds CoinJoin hardware wallet support --
Peter McCormack: Then they don't have a Trezor.
Max Hillebrand: I can neither confirm nor deny it!
Danny Knowles: I mean, there's only a few you can guess!
Max Hillebrand: There's not many options left!
Peter McCormack: I'm trying to think what else I would be thinking about.
Max Hillebrand: Oh, yes, sorry. One thing of 3.0; Lightning.
Peter McCormack: Oh, that was in my head. So, is there an equivalent CoinJoining for Lightning, because I've heard Lightning's pretty private, but not completely private?
Max Hillebrand: No. CoinJoin is a very blockchain-specific thing.
Peter McCormack: But you will come up with something different for Lightning?
Max Hillebrand: Yeah. We started half a year ago, the Lightning Privacy Research Club; zkSNACKs sponsored it as well. And, we've kind of taken an overview of what's the current state of the Lightning Network, and it's pretty good. If you're a sender, great privacy on the Lightning Network. But if you're a receiver, not so great; if you're a routing node, also not so great. There are many things that could be improved there. Well now, after a couple of months, we have it somewhat figured out as well.
Just as a quick summary, blinded paths give you basically anonymous receiving experience. So, once you receive money, the sender doesn't even know the node where your money goes to. Then of course, we have Taproot improving a lot of the privacy aspects, like channel privacy; multisigs look like single signature, stuff like this; these Point Time Locked Contracts help a lot to improve the routing privacy as well. Basically with this, we have a rather solid, theoretical foundation of making off-chain payments in a privacy-preserving way.
Peter McCormack: Nice.
Max Hillebrand: It's going to take us maybe another half a year, or a year, to finalise that research, and the goal of it is to have the design, or the architecture, of a privacy-focused, lightweight Lightning wallet, so not a full Lightning node, something like Wasabi. It's not a full Bitcoin node, it's just a lightweight wallet that cares about privacy. That makes it a lot more heavy than, let's say, Ledger Live, but it's still light compared to other solutions.
We're probably going to get something like this -- well, in Wasabi, it's going to take some time, because Wasabi is now flagship, stable, high-quality software, and we're not going to experiment with some hacky solutions that work somewhat for some users; no, we want a proper solution that works by default for everyone. So, it's going to take two years, five years, to get it into Wasabi, but that doesn't mean that other wallets cannot experiment.
Peter McCormack: Yeah. Well also, with stablecoins potentially coming to Lightning, I think being able to CoinJoin, whatever the version of CoinJoin is on Lightning, your stablecoins, that would also be interesting for people, if that's possible.
Max Hillebrand: Yeah, I mean basically you can do a lot with payment channels, and you can route through even multi-asset payment channels. So, yeah, that's going to be really interesting. It's just a lot of complexity, and there are many, many different nuances that you have to consider. It's difficult enough to build a secure Lightning Network by just sticking with one currency; but then adding second currencies and all the foreign exchange risk that goes on there, opens a lot more attack vectors. I'm not sure all of it fits with privacy. Probably that doesn't matter so much, I would say, what the asset type is on the Lightning Network. But yeah, nuances everywhere, lots of work to do, it's not going to be boring.
Peter McCormack: Are you still living entirely on Bitcoin?
Max Hillebrand: Sure, yeah.
Peter McCormack: Yeah, has that got easier?
Max Hillebrand: Yeah, definitely. I mean, define entirely?
Peter McCormack: Well, as best you can. I mean, you carry a few dollars, but do you have a bank account?
Max Hillebrand: No.
Peter McCormack: No bank account at all?
Max Hillebrand: No. Why?
Peter McCormack: Just certain things, I don't know, that are easier, like mortgage payments.
Max Hillebrand: That's true, yeah. If you're in a credit system, yeah, you need all the benefits that a fiat banking account can give you.
Peter McCormack: But you're not in a credit system?
Max Hillebrand: No.
Peter McCormack: Interesting.
Max Hillebrand: You know, I love finance and debt finance is a beautiful thing, absolutely. It's essential. Without debt, you cannot have a profitable economy; you cannot have an economy full stop. There must be debt in the system. It's just that the current manifestation of debt is absolutely appalling.
Danny Knowles: One question, just before you close out. Do you think, with really good software and getting it to enough users, you can get rid of the need for on-chain privacy?
Max Hillebrand: That's an interesting question. But what do you mean, "Getting rid of on-chain privacy"?
Danny Knowles: Well, I'll say privacy by default, in terms of for every user of Bitcoin.
Max Hillebrand: That's a really great question.
Peter McCormack: I mean, this is what we do!
Max Hillebrand: So, let's assume that everyone earns Bitcoin, so you don't exchange it, you earn it. And then basically, only the employer knows that you got paid, so to say. And if you don't do address re-use, which by the way is already a privacy best practice, that should be the default, then yeah, it already becomes more difficult.
But I think CoinJoin specifically is going to stick around in the long run. It's a very beautiful solution for the financial privacy problem on any blockchain, basically, especially Bitcoin. And I do think that it's going to be the overwhelming default for everyone. And you know, it's not just private people, it's companies as well, governments, everyone's going to CoinJoin. That will definitely change the actual level of privacy that you do get. So, it's about the size of the crowd, the anonymity side; and the more people behave similar to you, the more indistinguishable you become.
Danny Knowles: Which makes sense on why they're trying to crack down on it early?
Max Hillebrand: Yeah. Arguably it's not that early, arguably it is. Yeah, it's going to be really interesting. It's probably going to continue with some crackdowns, and I believe we will have to actually pick up, to some extent, a fight and take this to court, because I think it's really, really serious legal mistakes here. You don't just simply throw out freedom of speech; you do that at your own peril.
Peter McCormack: We do here in the UK.
Max Hillebrand: Yeah, so I'm really curious of how this goes. And again, the laws of different countries are super-different, but we're a cyberspace company, so it's a global service, used probably all over the place. And the legalities of it are incredibly complex in that sense. So, it's tough, but -- Pirate Bay, by the way, is another great example. Those were a couple of crazy hackers and freedom lovers who stayed 100% within the bounds of the law, but still, since they challenged the intellectual property conglomerates of Hollywood and everyone else, they got some pretty powerful enemies, and they live their lives quite miserable.
It's funny, if you go piratebay.org/legal, you see a lot of the legal requests that Pirate Bay received with, "Hey, take down this illegal content from your website". And then they had to explain that, "The content isn't on our website; we just have the magnets Torrent link towards the file, but we don't host the information"; very similar to zkSNACKs and Wasabi. We're not a financial service provider, it's not our money, we cannot stop our users from using the money; sorry.
Danny Knowles: Just interface.
Peter McCormack: Wasn't it Pirate Bay that accepted Bitcoin and crypto donations, but they said, "We don't want Bcash"?
Danny Knowles: I don't know, was it?
Peter McCormack: I'm sure they trolled it and said, "No thanks"!
Danny Knowles: That's cool if that's true.
Max Hillebrand: Yeah, so ultimately, the guys doing Pirate Bay, they were absolutely in the right. They were morally, ethically, legally correct, and the other guys were wrong. It didn't help, all of them ended up in jail for at least some time, even though they fought it for a long time, almost a 15-, 20-year long battle, so to say.
Peter McCormack: Never destroyed Pirate Bay.
Max Hillebrand: No, exactly, that's the thing. Whatever they do, for example with Tornado Cash, it's not stopping Tornado Cash. I mean, okay, it's on Ethereum, that's not censorship resistant and there's massive attack vectors that can be taken here. But let's stick with Wasabi; the code is free and open source, it's out there, it won't be forgotten. People will continue using it, even if it's not our company running the coordinator. The backend code, the coordinator code, is open source as well. It takes you five seconds to run it yourself. And you can do it anonymously.
It's kind of the head of a hydra, right? We're the good guys, being public, being upfront about this, not trying to hide actually challenging the public conversation about this. And sure, you could shoot the messenger; it doesn't mean that the message has gone, quite on the contrary. It will just be a hydra popping up more and more.
Peter McCormack: If I copied your code and created my own version of Wasabi out there and I became a coordinator, am I connected to yours, or is it completely independent?
Max Hillebrand: Completely independent.
Peter McCormack: I mean, is it technically possible that they can integrate, because then you could just have people create thousands of them around the world?
Max Hillebrand: Yeah, definitely. I mean, I had this idea of just putting the backend code into Wasabi wallet. You click a button, initialise CoinJoin and invite your friends. Sure, JoinMarket does that. In JoinMarket, you're your own coordinator. The "taker" in the JoinMarket jargon is the coordinator. The coordinator backend code is just in every client. Click a button, start a round, you say the round parameters that you have, and then you don't invite your friends, you actually pay for liquidity. So, the makers, the CoinJoin users, so to say, connect to your server and then you all make that CoinJoin together.
Peter McCormack: Interesting.
Max Hillebrand: That's the other thing; how are you going to stop that? How are you going to stop people using their computer and talking to other computers.
Peter McCormack: We have to win, that's why.
Max Hillebrand: We do, it's seriously a matter of life and death. Again, humanity cannot survive under tyranny. It just dwindles away and dies. And yeah, it's a really important fight. If we lose this one, we're screwed, the future is going to be substantially different, and not in a good way at all. So, this is why I'm still doing it. Obviously, this is a massive risk; obviously, and it's not just me being it, everyone's aware of this in the team. This could go really, really badly for us, but it's worth it, because I see how bad the situation could be if we don't get our act together, and that makes me seriously afraid; like actually, I'm shitting my pants much.
Then, on the other hand, I see what Bitcoin enables and what privacy enables, and how that changes humans so fundamentally and makes them much more ethical and righteous, and that's the hope that I have. Where could we be if we stop stealing from each other for a couple of years? That's just insane. The potential of the human spirit is absolutely limitless. So, I have that fear behind me, I have that motivation in front of me, there's nothing that's going to stop me. I'm as all in this as I could be, and yes, it might be I go to jail for this; I hope not. I'm similar to Jack Mallers, too pretty to go to jail!
Peter McCormack: He's a little bit prettier!
Max Hillebrand: I would agree.
Peter McCormack: Well listen, brother, I think it's amazing what you're doing. I'm always very honest, I'm not going to pretend ever. The product was unusable for me last time, because it was too complicated; now it's usable. I'm just going to migrate to Wasabi wallet, it just makes absolute sense.
Max Hillebrand: That's sweet to hear.
Peter McCormack: Yeah, it's brilliant what you've done. A lot of these things need automating; you've taken it away, there's no headache, I can just get on with it. So, anyone listening, go check out Wasabi wallet, go and have a play with it, it's super-easy. If I can understand it, you can. Big shoutout to you, Max, appreciate you coming in, coming to Bedford, appreciate you coming to my hometown, it means a lot to me.
Max Hillebrand: Yeah, it's a lovely place.
Peter McCormack: We're going to have a beer tonight hopefully, and I've got to go and get my kids. So, keep doing what you do, appreciate you, man.
Max Hillebrand: Thank you very much.
Peter McCormack: Yeah, this was very worth doing.
Max Hillebrand: Yeah, it is. Hopefully we're going to go for the stars. It's going to be a bright future; it can be, it really can be.
Peter McCormack: The Moon and the stars. Right, Friday night, all right, people, see you later.
Max Hillebrand: That's it, bye bye.