JoinMarket's privacy is degraded (for a while)
09/06/2016
Summary
JoinMarket is a young project, and there are some possible vulnerabilities which could be exploited to spy on every user.
Recently people have noticed that one such attack seems to actually be happening. The attack has the possibility of degrading the privacy of all JoinMarket coinjoins.
All JoinMarket users must be aware of this, and may want to not use JoinMarket until the issue is resolved.
This vulnerability can probably be fixed with a protocol update to JoinMarket, but that update doesn't exist yet and still needs to be written.
What is happening?
The vulnerability (known henceforth as issue #156) was first written about in July 2015. It's named after its issue number on GitHub.
Read through this issue to gain an understanding of what the attack is and how it works.
https://github.com/JoinMarket-Org/joinmarket/issues/156
It means that an attacker can learn, for free, which UTXOs belong to which maker, and can then eliminate those UTXOs when analysing coinjoins on the blockchain. It's not trivial to actually obtain all the UTXOs of a maker, but even learning a proportion of them is enough to spy on a large number of coinjoins.
JoinMarket is still private against everyone who isn't this #156 spy. Different people use JoinMarket and bitcoin for many different reasons; if their privacy requirements are lower, they can still use JoinMarket. Without JoinMarket, bitcoin transactions can be analyzed in more detail forever into the future, because they are recorded on the permanent public blockchain.
What will happen now?
There are a few ideas for solving this vulnerability. It's likely that one of them will be implemented and an update to JoinMarket rolled out. See the GitHub issue for details. The ideas generally involve limiting a spying taker's ability to obtain makers' UTXOs for free.
Alternate privacy methods
JoinMarket's sendpayment script probably can't be replaced. There's no other way I know of which immediately creates a bitcoin transaction like sendpayment does.
JoinMarket's tumbler script (which aims to break the link between addresses) probably can be substituted by something else. The best way is probably to piggyback off the hot wallets of various bitcoin websites.
Worked example for tumbler replacement
We'll pick some bitcoin websites that don't require an identity to deposit and withdraw coins, and send the bitcoin through them. We must remember to split up the amounts and use different deposit addresses to stop amount correlation.
Say we want to break the link between 1btc we have and send it to our cold storage wallet. Each arrow -> is a new bitcoin withdrawal transaction.
Each column lists the deposit addresses at one site and the amount sent to each; the amounts in every column add up to the full 1btc, and each arrow is a withdrawal from the previous site into the next one.

LocalBitcoins.com     NitrogenSports.eu     ChangeTip.com         BitFinex.com          cold storage wallet
1btc -> 1addrA 1btc   -> 1addrB 0.1btc      -> 1addrE 0.1btc      -> 1addrG 0.4btc      -> 1addrH 0.25btc
                      -> 1addrC 0.2btc      -> 1addrF 0.9btc      -> 1addrF 0.6btc      -> 1addrI 0.25btc
                      -> 1addrD 0.7btc                                                  -> 1addrJ 0.25btc
                                                                                        -> 1addrK 0.25btc
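As an added example (not part of the original post), here is a small checker for a split plan like the one above. It transcribes the chain exactly as given, then verifies that every hop forwards the full amount, that no deposit address label is reused, and that no amount goes into a site and comes back out unchanged, since an identical in/out amount is exactly the correlation the splitting is meant to prevent. The plan format and the checks are my own construction; the post's example ignores withdrawal fees, and so does this checker.

```python
# Added example: checks for a multi-hop split plan. Not JoinMarket code.
from decimal import Decimal
from collections import Counter

# The chain from the worked example above, transcribed as
# (site, [(deposit address, amount in btc), ...]) per hop.
PLAN = [
    ("LocalBitcoins.com", [("1addrA", "1")]),
    ("NitrogenSports.eu", [("1addrB", "0.1"), ("1addrC", "0.2"), ("1addrD", "0.7")]),
    ("ChangeTip.com", [("1addrE", "0.1"), ("1addrF", "0.9")]),
    ("BitFinex.com", [("1addrG", "0.4"), ("1addrF", "0.6")]),
    ("cold storage wallet", [("1addrH", "0.25"), ("1addrI", "0.25"),
                             ("1addrJ", "0.25"), ("1addrK", "0.25")]),
]


def hop_total(outputs):
    """Sum of the amounts deposited at one site (Decimal avoids float rounding)."""
    return sum(Decimal(amount) for _, amount in outputs)


def check_plan(plan, total):
    """Return human-readable findings for a plan; an empty list means it passes.

    Checks performed:
      1. every hop moves the whole balance onward (fees are ignored, as in the post);
      2. no deposit address label appears more than once in the whole chain;
      3. no amount entering a site leaves it unchanged toward the next site.
    """
    findings = []
    total = Decimal(total)
    for site, outputs in plan:
        got = hop_total(outputs)
        if got != total:
            findings.append(f"{site}: amounts sum to {got}, expected {total}")
    address_uses = Counter(addr for _, outputs in plan for addr, _ in outputs)
    for addr, n in sorted(address_uses.items()):
        if n > 1:
            findings.append(f"address {addr} used {n} times; deposit addresses must not be reused")
    # Column k holds deposits INTO site k; column k+1 holds withdrawals OUT of site k.
    for (site, deposits), (next_site, withdrawals) in zip(plan, plan[1:]):
        shared = {Decimal(a) for _, a in deposits} & {Decimal(a) for _, a in withdrawals}
        for amount in sorted(shared):
            findings.append(f"{amount} btc enters {site} and leaves it unchanged to {next_site}: amount correlation")
    return findings
```

Run on the post's own chain, the checker reports the reused label 1addrF and the 0.1btc that enters NitrogenSports.eu at 1addrB and leaves it as 0.1btc to 1addrE.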