Since you can make new wallets at any time to spend from, the key is paying your btc into a wallet that others are paying into, and then extracting multiple different amounts to new, different wallets (and then using those for spending).

If I have two accounts, one with 0.5 btc (newly created, never tracked by authorities, purchased with a relatively disposable account from somewhere like virwox) and one with 1.5 btc (potentially tracked, need to launder it), I'd pay both into a tumbler and then extract into 3-5 different accounts (like 0.2, 0.45, 0.9, 0.18, and 0.27).

How do you prove, as a tracker, that those 5 accounts paid out to, involve btc from the original 1.5 tracked account? Especially when you consider the hundreds of other accounts being paid out to at the same time.

Still paranoid? Rinse and repeat.

> Since you can make new wallets at any time to spend from, the key is paying your btc into a wallet that others are paying into, and then extracting multiple different amounts to new, different wallets (and then using those for spending).

1mdc was a similar service to this that I used as did many others about 10 years ago for the purpose of obfuscating and anonymizing e-gold transactions between various accounts. http://en.wikipedia.org/wiki/1mdc

One interesting comment from the wiki page: "1mdc's e-gold was held in unallocated (pooled) storage (in several e-gold user accounts) which allowed for extra privacy from e-gold's administrators. However, this increased storage risk, as the client had no precedence on the e-gold they entrusted 1mdc to hold, and there was virtually no way for a user to ensure that 1mdc is maintaining full reserves of their e-gold."

Zenocoin argument stands. If you have access to the full bitcoin chain, can you write a mathematical proof that allows one account to transfer anonymously to another account, without using a "tumbler" mixed account?

IMHO, you can't.

That's the flow in anonymity, because, how do you ensure the tumbler properly operates? There is an incentive to try and "steal" from the tumbler pool.

Even if it works, the tumbler could be marked as "tainted" - or any undeclared BTC account by default could be declared tainted, and taxation imposed on any incoming bitcoin, unless then come from an untainted account to another untainted account.

The same logic currently applies in the real world - ie if you receive say 500k wired to your account from an account in the cayman islands, the taxman will want to have a word with you.

Do you see the logic there? It was previously discussed in the thread reference in the original message.

> Zenocoin argument stands. If you have access to the full bitcoin chain, can you write a mathematical proof that allows one account to transfer anonymously to another account, without using a "tumbler" mixed account?

Surprisingly, yes: that's exactly the accomplishment of Zerocoin, though it's currently too inefficient to be practical. (It still requires many participants, but the "tumbling" is global and does not require any trusted pool.)

There's also the fact that there is zero incentive to use a tumbler unless you're doing something that you don't want being tracked, since using the tumbler has a non-zero cost.

wanting anonymity does not imply guilt.

it s not the case that if you have not done anything wrong, then you have nothing to hide.

But guilt does imply wanting anonymity, and because actually setting up secure anything is hard, J. Random User isn't going to really do it.

Look at how hard it is to get many people to set up a password manager, or encrypted email. You can't hide in the crowd if the crowd isn't there.

Correlation doesn't have to imply causation in order to give you an accurate prediction.

Indeed, it does not. However, there does not seem to be much of an incentive to pay the tumbler's fee if someone has nothing to hide, so it's likely that only people who do have something to hide that will use such a service.

I think the basic idea is that you have a whole bunch of people who want to launder money (and maybe some who don't). They all transfer into a single wallet, then they all pay separately from that wallet. Now it's impossible to tell who paid what on the other side

So then it becomes a gentleman's agreement on who owns what proportion?

Yes, as everyone knows, money launderers are gentlemen, who will stick to their word in a gentlemen agreement.

And this valuable process will be generously provided for free, by another gentleman, thus making the whole money laundering a costless operation.

Basically, this whole complex service will fully guaranteed by the trust each money launderer have on their good fellows also engaged in this benevolent operation.

Even without any government action or the tracking of tainted/untainted accounts, I just don't believe it may ever work that way - not with human beings at least :-)