Este episódio do Freedom Tech Friday, publicado na Fountain, é uma conversa sobre o Stealth, ferramenta open source criada para colocar nas mãos do usuário uma parte do poder analítico que normalmente fica com empresas de chain analysis. A ideia é simples e forte: você cola o public descriptor da sua carteira, roda tudo localmente e recebe um relatório de vazamentos de privacidade com sugestões de correção.
Capítulos por assunto
- 00:00 Abertura do Freedom Tech Friday e apresentacao dos convidados
- 04:52 Trajetoria do Breno, BitDevs e origem do Stealth
- 09:50 Hackathon e concepcao do projeto
- 14:42 O que chain analysis ve e por que isso importa
- 19:40 Wrench attacks, sequestros e o custo real de falhar em privacidade
- 24:53 Arquitetura atual, regtest e proximos passos
- 34:58 Demo: heuristicas e tipos de vazamento detectados
- 43:31 Paynyms, silent payments e padroes melhores para wallets
- 54:28 Feedback para fabricantes de wallet e futuro do projeto
Boa parte do valor da conversa está em explicar o problema com exemplos concretos. O episódio passa por address reuse, common input ownership, dust attacks, detecção de troco, consolidação de UTXOs, padrões temporais de recebimento, origem em exchanges e outras heurísticas comportamentais que podem transformar transações aparentemente soltas em um mapa cada vez mais legível da vida financeira de alguém. A distinção importante aqui é que o Stealth não promete bala de prata; ele ajuda a enxergar os trade-offs que já existem.
Também ficou bem documentada a origem do projeto. O Stealth nasceu num hackathon do Bitcoin++ voltado a exploits, foi montado como proof of concept em menos de 24 horas e, naquele estágio, rodava em regtest justamente para permitir a criação controlada de carteiras com falhas conhecidas. A conversa entra nesse ponto, no papel do BitDevs Brasília, na colaboração com o George e no plano de evoluir a arquitetura para algo mais robusto, possivelmente com Floresta embutido.
O trecho final é útil porque discute distribuição, não só técnica. Em vez de imaginar o projeto apenas como app isolado, aparece ali a possibilidade de transformar o núcleo de detecção em biblioteca reutilizável por outras carteiras. Isso me interessa bastante porque muda o lugar do projeto: de demo boa de hackathon para peça de infraestrutura prática de privacidade no ecossistema Bitcoin.
Também publicado na Fountain: https://fountain.fm/episode/kUr7VFvKz6HywLRvoQ5Z
Projeto: Stealth no GitHub.
Transcription (experimental)
Fonte: Fountain
- 01:05 SPEAKER_01 Hello, everyone, and welcome back to Freedom Tech Friday, a weekly live and interactive show hosted on the Ungovernable Misfits X, Nosta YouTube Rumble, and Twitch feeds.
- 01:15 SPEAKER_01 We go live for one hour every Friday at nine, usually at nine AM Eastern, although I am well aware it is now ten a.
- 01:26 SPEAKER_01 But you can also catch up later on the Ungovernable Misfits Podcast feed.
- 01:30 SPEAKER_01 On Freedom Tech Friday, we like to cover the latest news and trends for anything relating to freedom technologies.
- 01:35 SPEAKER_01 That could be anything from Bitcoin, Monero, encrypted messengers, privacy tools, and everything in between.
- 01:55 SPEAKER_01 As always, I'm joined by my good friends, Max, the head honcho of the Ungovernable Empire, and Seth, who is COO over at Cake Wallet.
- 02:03 SPEAKER_01 Food Tech Friday is a live and interactive show, and you can help steer the conversation by commenting live, pre-submitting your questions, boosting the show via podcasting2.0
- 02:11 SPEAKER_01 apps, sending tips, or just sharing the show with your friends.
- 02:15 SPEAKER_01 Top support from the last show comes from Hablermos de Bitcoin, who sent500 sats and said the better improvements in UX we have, the more adoption will come.
- 02:26 SPEAKER_01 I think Hake have uh done a great job there.
- 02:28 SPEAKER_01 I think we'll all agree.
- 02:29 SPEAKER_01 Also, a quick special mention to Cass Peland, Loufa Lou, and Nathan Day for their sat streaming contributions last week.
- 02:36 SPEAKER_01 Thank you all for your support.
- 02:38 SPEAKER_01 We do have some guests I'm gonna introduce very shortly, but without further ado, let's dive into the show and say hello to my co-host Max and Seth.
- 02:45 SPEAKER_01 How are you doing, gentlemen?
- 02:48 SPEAKER_02 I'm doing I've uh waded back into the the the great Twitter wars of2026.
- 02:54 SPEAKER_02 So I'm uh I'm thriving.
- 02:56 SPEAKER_02 I'm thriving.
- 02:56 SPEAKER_02 I started a new war, but it's better than the Bitpoint and IDSE.
- 03:00 SPEAKER_02 So I'm you know better discourse.
- 03:02 SPEAKER_02 I'm doing my part.
- 03:07 SPEAKER_03 And I'm very sick again.
- 03:09 SPEAKER_03 Um the room is spinning, I'm snuffling away, but I couldn't miss this.
- 03:13 SPEAKER_03 And um the only thing getting me through the last24 hours has just been watching Seth going to battle, going to war, and thinking it could be worse.
- 03:25 SPEAKER_02 Yeah, a good case study of what not to do if you want a quiet life.
- 03:30 SPEAKER_02 Not say for wrong thing, but if you want to quiet life, yeah, don't listen to me.
- 03:34 SPEAKER_03 Yeah, don't listen to Seth.
- 03:35 SPEAKER_03 But yeah, seriously, today very excited about uh what we're gonna be talking about.
- 03:39 SPEAKER_03 This is something that me and Q have been discussing on I think almost every Bitcoin brief for the last year or so, that this kind of tooling would be incredible.
- 03:49 SPEAKER_03 So yeah, very excited.
- 03:53 SPEAKER_01 Yeah, absolutely.
- 03:54 SPEAKER_01 Um we we were talking about this on the Bitcoin brief and uh we were recapping a little bit, and I actually made a little wish list um where I was hoping that somebody was actually gonna uh uh um uh um uh um uh um uh by-code something just like what we're about to talk about today.
- 04:08 SPEAKER_01 So where it pop up on my Twitter feed, I was uh very excited and literally jumped straight into into Bruno's um comments to be asking him if he wanted to come on.
- 04:18 SPEAKER_01 Um so yeah, as I uh mentioned today, we've got a couple of guests joining us.
- 04:22 SPEAKER_01 We've got Breno and George, the builders behind a new open source tool called Stealth.
- 04:28 SPEAKER_01 Uh Stealth is a Bitcoin wallet privacy audit tool, for want of a better lack of a better term, that essentially runs the same characteristics that chain analysis like chain analysis like to use on all of us into this.
- 04:41 SPEAKER_01 Uh, but the difference is stealth puts those tools in your hands.
- 04:45 SPEAKER_01 You paste your wallet descriptor, it scans your on-chain history, and it tells you exactly where your privacy may or may not be leaking.
- 04:52 SPEAKER_01 Today we're gonna hear about why they built it, how it works, and that hopefully they're gonna give us a live demo so that you can see in it in action, excuse me.
- 05:01 SPEAKER_01 But first off, uh Bruno George, welcome to Freedom Tech Friday.
- 05:06 SPEAKER_01 Before we get into Stealth, uh, we'd all love to hear a bit about you both, uh, where you're based, what your background is, and how you ended up getting into you know doing what you're doing today.
- 05:15 SPEAKER_04 Thank you so much.
- 05:16 SPEAKER_04 I'm proud to be to be here.
- 05:19 SPEAKER_04 Um very very thankful for this invitation.
- 05:23 SPEAKER_04 Um, I I see you a lot on Twitter and awesome work that you're doing.
- 05:29 SPEAKER_04 Um, um I mean George, George can talk about himself uh a bit more.
- 05:38 SPEAKER_04 But uh we are both uh in Brazil.
- 05:41 SPEAKER_04 I'm the host of Bid Devs in Brazil, Brazil.
- 05:47 SPEAKER_04 And uh I I work um in Bitcoin surroundings since2007.
- 05:54 SPEAKER_04 Sin since2017.
- 05:58 SPEAKER_04 I started in Bitcoin doing some kind of uh I I started a crypto investing company, and then but it was2017 block wars, and uh I was if I was trying to invest, I need to understand it better.
- 06:15 SPEAKER_04 So I dive deep inside all those conversations of what actually is bitcoin and what is not bitcoin, why bitcoin cash is not bitcoin, why big blocks are better or worse, and and uh I became a maximalist very quickly because of that.
- 06:38 SPEAKER_04 And um I've been in and and since then I've been in in this space.
- 06:44 SPEAKER_04 I I wrote a book, which is um101 questions about Bitcoin.
- 06:51 SPEAKER_04 Um I'm thinking I'm translating it to English, I'm the in the process to translating it to English.
- 06:57 SPEAKER_04 I so sold like half a thousand copies in Portuguese, and I lots of people really enjoy the book, and um I'm translate I'm translating into to to release in to launching in English as well, and uh maybe other languages, and uh so so I we started uh bit dev devs, um we we just completed two... two years uh of bid dev devs, and uh Brazilia quickly after bite devs, Brazil quickly became a very big center of Bitcoin development here in Brazil, like Brazil is... is already getting really big because of intium of work Lucas work, and uh Brazilia is getting uh very very very good traction also.
- 07:49 SPEAKER_04 Like uh there's there's people working with Arc with Floresta. with lots of uh really cool uh uh relevant bitcoin projects and uh and yeah um but I I I am actually not uh I I I didn't came from computer science I'm actually came from electrical engineering and I went I I was initially a data scientist and uh now I'm working with machine learning engineer engineer depending on how you define it and uh and I worked in spirits of Satoshi uh some some of you might remember uh with some some some some some some some some some some some AI for bitcoin not long ago and uh I've I've been improving on my agentic engineering and I have lots and lots of ideas and this was actually not my idea George it was George's and and uh Herb Herb's idea and uh he could talk he can talk more about this he we... we did uh hackathon before and then he they they they had this idea and said Breno can you do you want me to join and I said like of course this this idea is amazing let's let's do it and uh George you can tell you about yourself hi guys uh thank you for having me here I'm I'm very glad for being here um so my background is uh as uh uh web developer and I started to get things in Bitcoin uh since when I started to go into the devs uh uh uh with Bruno's uh hosts so uh this idea games um especially for this event here in Brazil called uh... uh it's quite busless.
- 10:04 SPEAKER_04 Yeah this uh uh it's um worldwide it has uh in a lot of cities uh uh so here's this this sedition was um addition talking about uh it coin exploits so the idea was to track uh for their abilities and the user wallet so um we thought it was a good idea to present it in uh exploitation yeah you... you mentioned that you did this at the uh at the hackathon um... um could you talk us what that experience was like do you just kind of lock yourselves in a room for24 hours and hash out some ideas and then build out an MVP like walk was I've never been been involved in a hackathon like that so walk through what that experience is like yeah it was actually less than24 hours so I believe it was twenty two maybe it was it was very quick it's getting uh it's getting faster uh... uh we're we're getting less time I believe probably because of AI but um yeah it's uh basically what is a hackathon is uh it's kind of a competition where most of the hackathons you you build project projects and uh usually in bitcoin hackathons you're uh uh incentivizing building something some free down tech uh bitcoin or bitcoin adjacent and uh there sometimes there are some tracks where for example this bitcoin plus plus plus hackathon there was two tracks one to find exploits so you could like look for open source uh tech and find any vulnerability and uh and and you get um the best ones uh the best findings are we're going to get some prizes and the other track was to build like basically anything but of course if you are related to the team of the of the of the event which was exploits would be better so in this I so they and there is there's some side quests as well sometimes like uh there's sometimes the best for the prize for the best design or prize in this edition was there was a prize for someone that used the best use of um shakespeare which is a vibe coding tool um and uh so so basically that that's it and you have to have an idea and implement this idea uh... uh luckily it works uh uh in kind of20 less than24 hours and uh and then present them to some judges that will judge in based on some criteria in these events and usually the Btc plus plus plus plus plus plus plus plus plus plus plus event they they they have uh uh they judge by how difficult it is how how how how much work you put in uh
- 13:46 SPEAKER_04 how much work you put in um how well it performs uh if it's if it's working or if it's just like an idea and you... you couldn't make it work and uh so... so how uh how... how complete and work uh and and working is the project and uh third thing is they call the swag like uh the impact how... how they make the judge's eye shine something like this so and then we... we just like work uh our as of as much as we... we can we um... um i went to sleep at three330 a.m
- 14:31 SPEAKER_04 but George George I uh uh George I think you went to sleep at9 a.m
- 14:36 SPEAKER_04 right yeah around it yeah he went to sleep at9 a.m
- 14:42 SPEAKER_04 and then like at1030 he was already there at the event again crazy impressive stuff well it is was this hackathon the the the first time you two guys have worked together to produce like a bitcoin related product no... no uh... uh actually we... we did uh one last year in November for Satsconf in for for for for Satsconf um um which is in São Paulo but uh this is the second one that we were together but i i know George we although we it's like we almost never work together before like we... we know he he went to the first bdev devs and he always goes to the two bit dev devs like so so we know him uh about about two years now we've seen like every month awesome stuff well it seems like yeah yeah quite a powerful combination so uh long may it continue um okay let's uh let's get into the tool itself um i'm sure most of the freedoms
- 15:44 SPEAKER_01 Um I'm sure most of the Freedom Set Friday audience uh will have at least some level of understanding of kind of the chain analysis exists, but I don't think most people appreciate the the power that they they they leverage and how much um these types of companies with all of their different sources of data can infer about a specific wallet.
- 16:03 SPEAKER_04 Um so I guess let's walk us in gently like what what problem are you trying to solve here by building this tool like to put it into the... the hands of the people like what are you trying to enable yeah um bitcoin as most of us know is not anonymous it's pseudonymous so everything is transparent in the blockchain and but they are not easily linked to the person, but we can eventually and uh with or without our consent link some uh uh leak some information about ourselves.
- 16:44 SPEAKER_04 Like, for example, um when let's say we go to an ice cream stand and buy an ice cream with Bitcoin, and then we use the the change to buy something else in uh let's say I don't know a pair of shoes in a nearby store.
- 17:06 SPEAKER_04 So the ice cream stand.
- 17:09 SPEAKER_04 If he if they look at the blockchain, they would see that you use the change from the transaction to buy something else, uh or to exchange the send send some other payments um to another store.
- 17:27 SPEAKER_04 So so he can uh he can start to have another he can start to to have some idea of what's going on.
- 17:35 SPEAKER_04 Like you're you're already buying something else.
- 17:39 SPEAKER_04 He can infer that he... he maybe not sure, but he can.
- 17:42 SPEAKER_04 Maybe it's not sure, but he can infer that.
- 17:44 SPEAKER_04 And um other other something more common, for example, let's say you you buy lots of stuff, and now you have lots of small small UTXOs.
- 17:59 SPEAKER_04 The mining fee is very low, so you want to consolidate everything.
- 18:04 SPEAKER_04 Once you consolidate everything, it's very clear from someone looking at the blockchain that they are probably consolidating, and they're probably from one person, because there's lots of small UTXOs um going and and joining into one big UTXO.
- 18:30 SPEAKER_04 So this this is a very strong signal for someone consolidating their coins, and if they're consolidating their coins, it means that all those addresses that were once separated, now we can with uh high confidence infer that they are actually the same from the same person, so we can go back on those transactions and try to okay.
- 18:57 SPEAKER_04 I'm if I know this address, and I know that other address, I know that he bought something here and he bought something there, so I can't we can infer um the transactions that someone is making in and when we are doing our day to day stuff, we not always uh uh can see that this is going on, and uh this is what chain analysis do.
- 19:25 SPEAKER_04 They they they they they they they they they they they have some some they get some information they record okay this is the address for that exchange, this is the address for that uh company, and uh when someone uses uh an exchange.
- 19:40 SPEAKER_04 uh... uh an exchange or buy something in a company that they know the address and they somehow identifies you for example most exchanges have KYC so they they they they they they they identify you and they have some kind of agreement with chain analysis to provide that identification so they can track you from that single interaction and then even your other addresses that didn't touch that exchange in particular they can start to infer from from from from from from from from from from from other from not from from from from from from from from from from address reuse from behavior uh behavior experience and and other things like this yeah it seems especially now like this kind of tooling to um... um for people to see what fingerprint they're leaving and who can trace them is particularly important especially with all the attacks that have been going on real world uh wrench attacks and uh kidnappings and everything else like it's stuff that forever we've talked about being a reality and that people should watch out for and people have sort of rolled their eyes and not really bothered or thought that they can uh have a boating accident and people will believe them or governments will believe them but um things have got very real uh recently so how do you think about that when you're building this tooling do you think stakes will continue just to go up and that this is something that anyone who actually wants to use Bitcoin going forward needs to be using um like now yeah um there I I say that there are no silver bullets they're only trade offs so sometimes you need to consolidate your coins and uh in and and people will know what you did in the last summer and maybe if they are looking for, but the thing is that we are inventing uh better ways to deal with this all the time.
- 21:52 SPEAKER_04 We are building um there's lightning already, it's very difficult to trace.
- 22:03 SPEAKER_04 For example, um, there are there are some there are there are coin joints, pay joints, so there are there are several different tooling, and some of them more easier to to use, some more some harder to use.
- 22:17 SPEAKER_04 But the thing is, even though you use them, it's still there was no thing.
- 22:25 SPEAKER_04 There was no tool to see your coins in the blockchain at the moment.
- 22:33 SPEAKER_04 So even though you use a little bit of them, it's I believe that it's very important to understand the leaks that you already gave the the what already leaked from your information, so you can you can know what to do, or or you can you you're prepared once somebody uses this against you, for example.
- 23:00 SPEAKER_04 So if uh in in chain the difference between chain analysis and stealth is that chain analysis is the is a company that is providing governments and big corporations to spy on people, and uh stealth gives you the same leverage, the same opportunity for you to do the same.
- 23:25 SPEAKER_04 So you learn from your mistakes, and and you... you have you decide the best track, uh the best path for for improving on. from now on.
- 23:41 SPEAKER_01 Yeah, that makes sense.
- 23:42 SPEAKER_01 Um, I think one of the main hurdles that most people have, well, it is twofold is number one an understanding of the UTXO model and the the kind of trade-offs of that in terms of change and res reuse that you just talked about, Bruno.
- 23:55 SPEAKER_01 Um, and also um just having visibility on it, or like their coins itself, like coin control is a commonplace uh uh as a feature within most wallets, but I I'm gonna go out on a limb here and say that most people, most average bitcoiners is simply just not using it, that they're not labeling their coins, so they they they they they they they they they they they simply have no insight as to where the changes come from, how how quote unquote tainted any of their addresses are, what the links are, so having a visualization tool like stealth, um, and similar to you know, similar legacy tools that we used to have, like OXT and Boltzmann and KYCP, which I'm sure you guys have used in the past if you've come up with something like this, um, is imperative and can be a very powerful um tool in the bitcoiners tool box, especially when it comes to privacy.
- 24:43 SPEAKER_01 So um, I want to leave more than enough time to um go through the demo, which is typical just as uh George drops off the cut the stream again, it looks like you might be having some connection issues.
- 24:53 SPEAKER_01 Um Bruno, just do you want to just quickly walk us through like the current state of stealth in terms of where it's available, what networks it's available on, um you know the current state of the development.
- 25:06 SPEAKER_04 Yeah, sure.
- 25:07 SPEAKER_04 Um we did this for for the heckathon like two weeks ago.
- 25:13 SPEAKER_04 So we... we didn't have time to improve much since then we are discussing like now the hecton's best, and we... we have uh we have actually time to think things through uh uh uh we we did like a very complicated maze on mixing python with Java, JavaScript, and lots of stuff, because like different um different languages that everyone was more familiar with.
- 25:44 SPEAKER_04 But now that we are uh planning to do this for real, we're we're thinking about we've we're thinking harder about uh the the architecture, the the the language, uh the tooling.
- 25:59 SPEAKER_04 Um where for example we are thinking about in uh uh using Floresta, so you have the full node inside the the the tool itself, and uh so you don't need don't even need to to connect.
- 26:15 SPEAKER_04 I don't know if you don't use a full node, you would have a full node already with um with the tool, and uh with stealth, and you could have the same privacy without needing I don't know to okay I I want to understand my privacy also I need to, but I don't have a full node, so I need to buy uh a new computer, I need to buy some some some uh hard drives to store the blockchain, and so we we we want to embed Floresta in inside it.
- 26:46 SPEAKER_04 So so we are thinking a lot of this.
- 26:48 SPEAKER_04 The current state right now is it is uh proof of concept.
- 26:52 SPEAKER_04 It works and it's in um it's in uh repo from Georgia.
- 26:59 SPEAKER_04 He can uh we can share the link with you guys.
- 27:02 SPEAKER_04 I I believe that there was a link in the in the in the hackathon project that I shared on Twitter before.
- 27:10 SPEAKER_04 And uh right now it it only works in reg test.
- 27:15 SPEAKER_04 Why reg test?
- 27:17 SPEAKER_04 Because we needed to construct some wallets that we would know for sure that they had privacy issues, so we can demo to the judges in less than24 hours later.
- 27:28 SPEAKER_04 And uh so for example, we... we wouldn't be able to if we are going to look for random things we we we're we were using our own public descriptors right so we... we created uh... uh some wallet and imported their public descriptors inside the wallet inside the inside stealth and uh created the analysis according to the wallets that we construct so we know that it's catching the right errors that because we embedded the errors in these rec test wallets so we it's not for... for a main net yet but uh we won't we are talking uh we are discussing architecture and and uh development future development then soon it will be releasing for for for for testnet and then for maineth uh Georgi you're back yeah hopefully he's he's back and stable George are you able to take over with with the screen share and give us a demo okay if you could take us through right from the very beginning so that you know uh what a new onboard user would see right through the whole flow um and just while you're bringing up your your your your your your your your your your your screen share um um coco dude on YouTube is asking a question what is to stop the quote bad guys from using stealth example to use it as a tool to docs and address well um they already already do that they've got their own um far more complex software to do exactly that uh but it's all proprietary um the the plus point here is that stealth is completely the open source built by bitcoiners for bitcoiners so this is more of a tool to level a playing field rather than you know worrying about it being able to be used by the the the quote unquote bad guys um I I will add something more that to use stealth you need to put there your public descriptor and uh only your wallet has the public descriptor so unless you I don't know link your public descriptor somewhere say you send to someone on the internet and uh some some some some some some some some some some some bad guy gets gets it no one has this this uh public description so so stealth is only looking at your own wallet and so stealth has more information about you than for example some guy with a chain analysis tool because chain analysis is trying to infer uh the same things that is stealth is trying to infer but uh but they don't have all the information that you have from from stealth so so you can find um um your vulnerabilities first uh before then uh you can find your vulnerabilities before someone tries to find it on on uh on a chain analysis tool for example and try to fix and correct them great call out on great addition yeah very valid points all right judge over to you if you could walk us through each step and just talk us through what you're doing okay uh can you see my screen we certainly can okay so here's the start page from stuff and yeah paste sorry as you can see it's very simple uh it's just a a screen with a text box you paste your public descriptor that you um export from your from your wallet and uh there's just one button you always paste there you click the button and we i i lost your screen um
- 31:28 SPEAKER_04 Lost your screen.
- 31:29 SPEAKER_01 Um, yeah, I think that might have been me.
- 31:31 SPEAKER_01 My apologies, George.
- 31:33 SPEAKER_01 If you want to just bring it back up again, I was trying to hide the chat to make to maximiz the screen, and by the way, this is all private.
- 31:47 SPEAKER_04 Uh, this is local.
- 31:48 SPEAKER_04 This is this doesn't this is not running on uh on a server, anyone's server.
- 31:55 SPEAKER_04 This is running on your own computer, so you just open the software, it's on your computer, is not using the internet besides your your node, your bitcoin node.
- 32:08 SPEAKER_04 So you paste the wallet descriptor, the public wallet descriptor.
- 32:13 SPEAKER_04 You it doesn't even have to make any contact with private uh private keys, of course, and uh you paste it there and click analyze wallet, and it does everything for you.
- 32:29 SPEAKER_04 So it makes some analysis, and there is several uh flags, so from from36 analyser33 findings, uh for example address reuse, and uh there is the CIOH is uh is a label that uh that means that it's some some some some some some some some some some some sharing uh of your TXO, and uh it gives you uh this we... we of course we need to improve a little bit better uh uh uh to make it less technical to to make it easier for anyone to use it and not only uh bitcoin experts, but uh the idea is that you have this list of everything that we found, and we classify as it like critical problem. or maybe some smaller some smaller issue.
- 33:32 SPEAKER_04 And uh what is the exact uh uh transaction?
- 33:37 SPEAKER_04 What is the exact UTXO?
- 33:41 SPEAKER_04 And uh we also give a suggestion of what can we do to improve it.
- 33:48 SPEAKER_04 So there's this how to fix and uh in uh right now there is just uh... uh a sentence there like uh explaining a little bit, but we can we... we need to think a little bit more maybe we suggest already tools to use it like for example okay we can we can make it better if we use uh coin swap tool that there are there are already these options here for example that you can you can use it in with a link so you make it the idea is to be is is that it we want it to be like very simple and uh not not only that not a very technical tool that you can like analyze and geek about it and uh nerd about it, but but we want something that is very simple.
- 34:44 SPEAKER_04 You base it there, you read what's going on, what are the issues, and uh you you decide uh uh if you need to take action about this or not?
- 34:58 SPEAKER_01 Yeah, um George, could you just zoom in a little bit just so the... the viewers can see some of the... the comments that are um um when it says like how to fix and stuff uh be useful to to show that on the on the screen there we go um Breno what type of things are you look for obviously we can see some things on screen here we've got a dust label we've got a common input ownership heuristic which I'm sure is is is is commonplace for for the privacy crowd like what other things could this tool detect based on the wallet findings?
- 35:29 SPEAKER_04 Yeah, there's uh basically twelve different twelve different heuristics.
- 35:38 SPEAKER_04 Um there are some very common one that um long timer bitcoiners and uh even people that use good wallets don't don't commit these errors, like for example, reusing addresses.
- 35:53 SPEAKER_04 Uh but still there are some people that to this day,2026, are still reusing addresses.
- 36:04 SPEAKER_04 So we look for um reusing addresses, behavior, uh behavioral problems.
- 36:12 SPEAKER_04 Uh like for example, let's say that you let's say that you you you earn your salary in Bitcoin.
- 36:22 SPEAKER_04 Let's say your employee, employer, they pay you the first day of the month, two o'clock, um I don't know five thousand dollars every month, so even though they are very all different, um they are all different uh um uh uh addresses, and they are not linked in any other way, people can uh... uh look at it and kind of infer that it's you because it's every year, uh every month you're getting in the same from from from from from from from from from from from the same place, the same time, the same uh if they know for example the the wallet of your employer, and and uh it's much easier to know the the wallet of a company than to know the wallet. of a person because the the waller of a company I I'm I'm pretty sure that not long from here uh governments will demand to know all the wallets from companies and uh so so this is going to soon every every this information will be very easy to know and and uh very common to for example chain analysis too and uh so you need to so this is uh a simple behavioral um privacy leak that you might not even think about it but it identifies you in some in some way so time timing and analysis and an amounts are a problem what what do you think is a good way for people to deal with that now is it like receiving lightning or being paid in Monero or using pay join or like what's uh what's a good way round it if people are in that position or or obviously the other one is like the the the employer not to pay the employee at the same time same date every every uh month would be I suppose a way around as well um yeah we have to there's a I believe that there is no as I told you before there there's not a one single bullet uh that there's not a silver bullet there's different ways to to deal with it and uh one way certainly is to use pay join and uh but there could be problems in using pay join as well for example if you're using Page join all of the employees of the company will know each other's salaries.
- 39:31 SPEAKER_04 You know what like okay um now people from outside it's harder for for they to track you specifically but it's easier for you to track your colleagues you understand or pay nymphs or there's gotta be a there's gotta be a nice way that someone can deal with this um or lightning like we said before because yeah that is a big problem that that would cause big problems within a company and also with the tracking the other thing I've noticed in the mining space is a lot of people I don't know if it's still the case but we use reusing addresses or some even giving X pubs out um to uh to to get their payments come through which is also a pretty big problem um which is something where pay nims was a a nice option where they could get their payouts without having to reveal the same address each time yeah uh I think that for... for that case this case specifically one thing that could be a good option is to use silent payments silent payments is never it's not very it's not widely adopted yet but I I think this could be a very good way to to deal with it in the the thing is that it takes a while it's uh the there's like trade offs as I as I told you before but it it's uh it's a very good way to to deal with it but yeah um other like the the twelve that uh detections that we're using uh right now is address reuse so let's say you repeat the addresses of course uh multi-input ownership so if you're if you're use several different inputs in uh in a transaction we can it this can of course uh show that probably those belong to the same person uh also thending does there there's a common dust attack that people send a small really small dust uh transaction to you so they can start tracking what you do with them after you spend with more with more money later um also change detection uh one one one example of change detection is true address reuse so if you pay someone and uh you send the change to your own address again it's obvious what part is the change and what part is the actual payment so this when you when you detect this it this leaks a little bit of information about you uh there's also consolidation when you're consolidating your UTXOs uh they you basically link all your utexos together in uh so your best transactions become linkable um there some some some some some some some some some some some it you uh it u txo age spread as well uh so sometimes you have
- 43:16 SPEAKER_04 Uh sometimes you have a very old UTXO and you spend a newer one together.
- 43:23 SPEAKER_04 So they can infer, for example, how long you've been in Bitcoin space.
- 43:31 SPEAKER_04 So probably if you spend a UTXO from2013, they can infer that you might have a lot of Bitcoin, maybe and try to make some some some some some some some some some some some um some range attack for you um exchange origin of course uh uh if if you're spending something that came directly from an exchange or not necessarily directly but it came from an exchange um it can the exchange for of course will be able to track this this information and certainly chain analysis will be also being able to do it because chain analysis gets this information from exchanges uh uh tainted utexo merge and also some behavior finger fingerprints perfect thanks for taking us through that we uh I'm gonna hit a couple of uh listener questions some of them have come through live and some of them are pre-submitted uh thank you to everybody that has submitted questions either way uh this one comes from mask on Twitter um um and he said sorry I joined late but where is the cluster from I presume uh from everything that you said today that it's all internal to the addresses and coins within a specific wallet descriptor and their relationship to one another is that right yeah it gets from both wallet descriptor your public wallet descriptor and your your own full node so from your public wallet descriptor you can um um create the addresses and uh from in and... and get the utxos but after we get the uxos to understand the transaction history you need to source them from uh... uh from your bitcoin node so and that's the... the source of information all right perfect thanks uh we had a pre-submitted question from smoke over on twitter and um... um they said assuming that this runs locally which we've obviously established it does uh what does a finished product ideally look like could this be built into spiral wallet for example and this was my first thought actually when I saw this I was like you know Spiral already does a very rudimentary version of this where it detects sort of um address reuse within the active wallet but it feels like it could be made so much more powerful with you know implementing some of the logic that you've got here so how do you foresee that in the future um yeah I believe that this of course can be built inside uh inside an uh already existing wallet but I think that could be even more powerful if we can use in basically every wallet if we can just like export the the the public descriptor into this app that could be an app in your phone it's it's not very um um right now it's it's kind of big and heavy just because like we... we did it like rushing but we are going to improve it but it doesn't need to be it's it's could be very lightweight could be an app in your phone and also a desktop version so you just input your public descriptor there and uh it it does your what it needs to do yeah I think where where where where where where where where where where where this obviously the information itself is very powerful and what we can see on screen here is very useful I think the next natural link is is being able to take action you know, simple action based on what you can see here, because like when you see you know some of the warnings here, you you still have to get a base level of knowledge as to how to start and with obviously that that that type of action that you need to take is specific to the wallet software that you... you interact with.
- 47:30 SPEAKER_01 So for me, if we can bake this sort of uh logic inside the app itself, so that's you know um the action to actually fix the problem and prevent it going forward, it is much simpler.
- 47:41 SPEAKER_01 That's where you know this becomes even more powerful, and we get some sort of uh uh false multipliers.
- 47:46 SPEAKER_01 Um I know Seth has got a question to come in uh uh in a second, but before I unleash him, I'm just keen to hear like where you guys, other than what we've already covered off, where you'd like to take this next, is there any features or implementation details that you haven't gotten around to yet that are that are on the road map that you're able to to share with us.
- 48:05 SPEAKER_04 Yeah, sure.
- 48:06 SPEAKER_04 Um besides refactoring in and make it way better because uh it's it's kind of clunky.
- 48:15 SPEAKER_04 Um there's lots of other heuristics that we want to want to put in uh uh there's like time pattern fingerprinting uh uh amount, fingerprinting, like for example, you always spend the same the same amount uh uh in the in a certain time, and there's lots of uh this other heuristics that uh I think they're super useful that we could implement them.
- 48:46 SPEAKER_04 Uh but also there is of course like uh having uh main net support, having a mobile web, but also uh I believe that one thing that would be very useful is uh a natural cluster visualization, not only looking at the heuristics by themselves, like the UTXO as a long string, but if we look at
- 49:10 SPEAKER_04 String, but if we look as uh as a network of trans actions and understanding how they're linking together, it could be easier to understand.
- 49:21 SPEAKER_04 And also to improve the suggestions uh the the suggestive actions uh to take.
- 49:28 SPEAKER_04 Um they are they are very they're very um in like we... we didn't butch much put much thought in uh uh over them.
- 49:42 SPEAKER_04 We we we want to think a little bit more about them and and uh make them more precise specific and and more actionable.
- 49:54 SPEAKER_04 Yeah, ideally like one click solution, like click here and solve your problems.
- 49:58 SPEAKER_04 I I'm not sure we are going to be able to get to this point specifically, but this is the the end goal, like this is your problems, click here, solve them all.
- 50:11 SPEAKER_02 Yeah, one question I want to jump in on.
- 50:13 SPEAKER_02 I guess it's kind of two separate questions, but kind of two main things jump to mind here.
- 50:18 SPEAKER_02 One is like as someone building a wallet, this type of thing is something that I would love to surface to our users.
- 50:25 SPEAKER_02 Do you have any plans to make this stuff I like?
- 50:29 SPEAKER_02 I don't know exactly how you would make this extensible to wallet devs to easily implement.
- 50:33 SPEAKER_02 Maybe that's just documentation that explains how you detect each thing and some tips on how to do it, but it would be great to have something like this upstream in BDK and other Bitcoin SDKs that are widely used so that developers can easily expose like hey, if you make this transaction, this will show, or on this transaction you made in the past, you should be careful of spinning these UTXOs, or when you're in coin control showing these kind of flags would be really cool.
- 51:00 SPEAKER_02 So I'm kind of curious.
- 51:01 SPEAKER_02 I'll just finish with that first question and jump into another one second.
- 51:04 SPEAKER_02 Uh just kind of curious, like how you think about that, getting it integrated into other wallets and a spare wallet.
- 51:08 SPEAKER_02 integrated into other wallets.
- 51:09 SPEAKER_02 I know sparrow wallet was mentioned before, but I think there's a lot of Bitcoin wallets that would love to surface this type of uh really kind of security and privacy info to their users in a an easy to understand way, like you're doing here, but without requiring you to run a server, that sort of thing.
- 51:26 SPEAKER_04 That's uh that's a very good idea, actually.
- 51:29 SPEAKER_04 Um I I didn't think about this before.
- 51:33 SPEAKER_04 I'm not sure if Sharjian and Herb and Henato thought about it, but uh one way to do this now that you said it was to be would be to create a library.
- 51:52 SPEAKER_04 And uh uh uh separate library that we use for stealth but that is completely open source so anyone could use it and uh use it inside BDK or whatever uh other libraries that the you're they're using this is this is uh this is a good idea like separating the app itself from the heuristics catching like the vulnerabilities the vulnerability catching it's uh it's a good idea yeah I would I would love to see that I mean the like the main reason I ask is because I know most users unfortunately won't go to these links to run something like this.
- 52:37 SPEAKER_02 The hardcore ones will which is fantastic but I would love to see this type of information with just with how easily vulnerable you become from a privacy standpoint when using Bitcoin if you use it correctly.
- 52:48 SPEAKER_02 I would love to see this in every Bitcoin wallet so that you know you know a bit more about the issues that you're running into or what you've done in the past that could cause problems in the future that sort of thing I think would be really cool to surface.
- 53:01 SPEAKER_02 So definitely would love to would love to see that that kind of library created so we can do it more easily.
- 53:07 SPEAKER_02 Um, my my second question for you is just kind of like long term.
- 53:12 SPEAKER_02 How do you how do you expect to keep this project running?
- 53:15 SPEAKER_02 One thing that's tricky in the chain surveillance state is that chain analysis, etc.
- 53:19 SPEAKER_02 have hundreds of millions of dollars in funding.
- 53:22 SPEAKER_02 Like obviously you're not gonna get there, but what's your what's your idea for how long term you'll continue to iterate, continue to add new heuristics as they're developed or discovered.
- 53:32 SPEAKER_02 Is that something that you've thought about yet, or is this I knew this was spawned out of a hackathon where there's not normally a a long term vision of this lasting five years, but I'm just kind of curious how you're thinking about it evolving from a kind of arms race with chain surveillance companies perspective.
- 53:48 SPEAKER_04 Yeah, that's uh that's a great question.
- 53:51 SPEAKER_04 Um it it's kind of funny because when Herb and... and Georgie brought me this idea, they brought the idea just like okay, this is uh exploit edition, so let this is related to to exploits in bitcoin, so let's do this this idea, and like guys, this idea is amazing.
- 54:13 SPEAKER_04 We we we should like this should definitely exist, and uh regardless of hackathon or whatever, we should uh look for a grant to continue developing it.
- 54:25 SPEAKER_04 So this is my my first idea.
- 54:28 SPEAKER_04 I also thought about it a little bit on uh on like if would be a product for a company like if we could make a but I I'm I'm not sure if this could be like easily monetizable, but um in uh and also like if it wouldn't be bad for for the purpose itself, like if if I am charging you to to do this, like are the are the... the are... are you going to use it maybe you would but
- 55:04 SPEAKER_04 Are you going to use it?
- 55:05 SPEAKER_04 Maybe you would, but lots of people wouldn't.
- 55:08 SPEAKER_04 So I'm I'm thinking about I don't know, talking with uh some some some some some some some some some some some grants uh... uh like HRF uh uh uh spiral brink I don't know which one's been shown.
- 55:21 SPEAKER_04 And then uh based on that maybe after the the it's done it's it's like being useful not only in a in a standalone way but being useful for for other wallets and while it's starting starts to use our our standalone library for for privacy leaks.
- 55:48 SPEAKER_04 Maybe maybe like even the companies want to support it should because they're using it.
- 55:54 SPEAKER_02 Yeah, I mean I'll I'll say a couple things.
- 55:57 SPEAKER_02 One, like if... if you did create that and cake wallet started using it, we would love to help uh help make it easier for you to maintain long term, like that's something we've done with pay join, and don't page one v2 contributed upstream, and now we support the page join foundation.
- 56:10 SPEAKER_02 Um so the these types of things that it's not easy for you to build a business model around, but are that that that that that that that that that that that are vital to exist?
- 56:17 SPEAKER_02 Like yeah, I mean we would love to support that also if you do reach out to specifically anyone at Brink HRF or open stats.
- 56:25 SPEAKER_02 I'm more than happy to to um put in a good word for you as well.
- 56:28 SPEAKER_02 So please do let me know if you... you do that.
- 56:30 SPEAKER_02 I would love to see this get a grant, because it seems like the perfect kind of thing to get long term support for, so I can keep improving.
- 56:38 Awesome.
- 56:39 SPEAKER_04 Yeah, I just said here that she'd like to help.
- 56:44 SPEAKER_04 And uh there's an X here, uh but I I I cannot see her her her actual X handle.
- 56:51 SPEAKER_04 So but... but I believe that you... you know and you can uh use her, right?
- 56:57 SPEAKER_01 Yeah, no problem at all.
- 56:58 SPEAKER_01 I can make sure that uh you guys link up.
- 57:01 SPEAKER_01 Um we are already at time um these uh these are the things that we've got to
- 57:02 SPEAKER_01 Already at time.
- 57:03 SPEAKER_01 Th these uh these hours always always go very fast.
- 57:06 SPEAKER_01 Um guys, I just want to thank you for for building an awesome tool.
- 57:09 SPEAKER_01 I really look forward to um accessing it on Maine Nets that I can run it over my own uh wallets and see how good my privacy practices have been over the years.
- 57:19 SPEAKER_01 Um thank you very much for for building what you build and continuing to do stuff, particularly in the privacy space, which is uh very needed at the moment.
- 57:27 SPEAKER_01 So keep doing what you're doing.
- 57:29 SPEAKER_01 Um thank you to everybody that's also stopped by to um to listen and to watch and to uh post their questions, and I'll as always thank you to Max and Seth, my co-hosts.
- 57:41 SPEAKER_01 Um this has been Freedom Tech Friday, and uh we will be back with more of the same goodness at the same time next week.
- 57:47 SPEAKER_01 George A Breno, thank you very much.
- 57:49 SPEAKER_01 Hope you both have a great weekend.
- 57:52 SPEAKER_04 Thank you so much.
- 57:55 SPEAKER_06 Thank you for inviting.
- 58:24 SPEAKER_06 To everyone who boosted ask questions and participated in the show, we appreciate you all.
- 58:31 SPEAKER_06 Make sure to join us next week on Friday at9 a.m.
- 58:35 SPEAKER_06 PST and2 p.m.
- 58:37 SPEAKER_06 London.
- 58:38 SPEAKER_06 Thanks to Seth, Max, and Q for keeping it on government.
- 58:44 SPEAKER_06 And thank you to CakeWallet Foundation and my NIM box for keeping the ungovernable misfits going.
- 58:53 SPEAKER_06 Make sure to check out Ungovernable Misfits.com
- 58:57 SPEAKER_06 to see Mr.
- 58:58 SPEAKER_06 Crown's incredible skills and artwork.
- 59:02 SPEAKER_06 Listen to the other shows in the feed to hear Kareem's world class editing skills.
- 59:09 SPEAKER_06 Thanks to Expatriotic for keeping us up to date with boosts, XMR chats, and sending in topics.
- 59:20 SPEAKER_06 John, great name and great guy, never change, and never stop keeping us up to date with mining news or continuing to grow the Mestadel.
- 59:34 SPEAKER_06 Finally, a big thanks to the unsung hero, our Canadian overlord, Jordan, for trying to keep the ungovernable in check, and for the endless work he puts in behind the scenes.
- 59:50 SPEAKER_06 We love you all.
- 59:52 SPEAKER_06 Stay ungovernable.