Community, what is the current state of data protection-related border inspection posts?
- CoinJoin Related:
- Adam Gibson's SNICKER design, which allows a simple unidirectional CoinJoin construction.
- BIP 79, Bustapay, a standard for CoinJoined payments.
- P2P improvements:
- GDP 156, Dandelion: Routing of resend transactions some hops before sending.
- Draft for BIP 324: encryption of the P2P layer, making the origin of the transaction more difficult for passive attackers to find
- Design for Erlay GDP: (less privacy-oriented) introduces a less targeted, lower bandwidth transaction broadcast mechanism
- Consensus rules:
The first sentence of these are not consensus or protocol changes in the Bitcoin network. These are just standards that Wallet can implement to improve the privacy of their own transactions. There are many other techniques that may or may not be implemented by wallets that have not been written as formal GDPs. Read this great article on Chris Belcher's Bitcoin.it wiki for an overview: https://en.bitcoin.it/wiki/Privacy
Is there anything on the core developer roadmap to be implemented in the main chain within the next year?
Data protection is a complex issue, and while at the protocol level, there may be some things in which core developers may be more involved, there is much more to do at the wallet level. The Taproot proposal is an example of a protocol-level change: it aims to improve another type: privacy in the chain. This is the problem where the type of scripts your wallet uses on the network tells you what actions it is taking (for example, Multisig, Lightning, 2FA, …). The goal of Taproot is to ensure that in cooperative cases, all transaction issues and inputs are indistinguishable. This is completely different from the type of data loss that CoinJoin treats (which exposes the connection between transactions).
I doubt anyone can tell you when it might be activated on the network. That's because of the community.
And regarding mimblewimble: Are you aware that I'm starting from the latest researcher claims about a broken privacy model from mimblewimble?
I think that's a very confusing statement. Mimblewimble itself does not offer any improvement in privacy. It's an improved design over confidential transactions (the is a privacy method (hiding transaction amounts) to improve scalability and allow for non-interactive CoinJoin.
If you look at the original paper Mimblewimble by Tom Elvis Jedusor or the more formal paper by Andrew Poelstra, you will find that privacy is only mentioned in the context of what is provided by CT or activated by CoinJoin.
CoinJoin itself is not broken, but how it is used is very important. Properly used, participants interact privately to co-create a single transaction that, when exposed to the public, can not be broken down into the contributions of individual participants. CoinJoin was used in a particular mimblewimble implementation in the public network, It should be obvious that this does not give anyone who observes the network privacy as it can easily see all the individual contributions to transactions. This is not a bad idea, just a gain in scalability. For privacy reasons, CoinJoin must also take place elsewhere.
So again: CoinJoin is not broken; it helps if used properly. Mimblewimble or its privacy will not be violated either – Confidential transactions and the possibility for non-interactive CoinJoin are great. Mimblewimble also enables non-interactive CoinJoin, which also happens to be used as a scalability enhancement, but does not improve privacy when run publicly.
Well, I think the current border control posts all have somehow a mimblewimble-like or CoinJoin-like approach to privacy, right?
They do not "solve" the privacy. Privacy is a goal that needs to be achieved, but it is diverse and not resolved by a single technical element. Essential parts of the privacy concern education and incentives, not a miracle technology that suddenly hides everything.
To my knowledge, nobody seriously suggested mimblewimble in Bitcoin.
Does BOgatty's quote also apply to current data protection border inspection posts (or to the majority of them)? Without arguing whether it is a mistake or not, the basic fact is that the current data protection GDPs have this approach to "place transactions in a single CoinJoin"?
No, since this does not apply to CoinJoin. This is true for the use of scalability enhancement, which is inherent in mimblewimble implementations and has been misrepresented by some as gaining privacy.
Would be nice if someone with Bitcoin can clarify the state of privacy or the future state.
It's hard, but we'll make it.