Update: since the writing of this article, TorWallet’s developers have ceased communication and the service is not processing withdrawal requests, and so the site is with overwhelming probability a scam. Let this be another reminder to all Bitcoin users: anonymously operated financial services are in almost all cases not to be trusted.
The latest online Bitcoin wallet to come out, TORwallet, is, in simplest terms, a combination of Instawallet and a Bitcoin mixing service (or “tumbler” or “laundry”, as the concept is sometimes called). Just like with Instawallet, the service works by generating a random URL for each new wallet and showing onscreen a Bitcoin address to which you can deposit to add funds to the wallet. Once you deposit money, all you need to do to withdraw it at any point in the future is to revisit the same URL, enter the destination address and click “Send Bitcoins”. The other defining feature of the wallet, the mixer, mixes your bitcoins into a large pool and then sends you bitcoins back, but ones which are not linked to your original coins in the blockchain. Essentially, for an adversary who has not compromised TORwallet, the task of linking your new “laundered” bitcoins to the old ones becomes nearly impossible.
While the idea seems convenient at first glance, the effectiveness of this implementation can be called into question. First of all, the representation of TORwallet as an “anonymous mixing bitcoin wallet” is somewhat misleading. One would expect such a wallet to carry out its mixing functionality automatically and behind the scenes, so that the user could be comfortable in the knowledge that the “mixing wallet” is doing the mixing for him, but in TORwallet this is not the case. For mixing to take place at all, the user must activate the feature manually by clicking the “mix coins” button and paying the greater of 3% of the amount mixed or 0.5 bitcoins as a fee, making the “mixing” and “wallet” functionalities essentially completely separate. This particular way of implementing the mixing functionality is highly problematic not only because of usability, but also because it limits functionality: what if a user periodically deposits new coins that need to be exchanged for “clean” coins and does not wish to pay a 3% tax on his entire pool of savings every time he does so?
The wallet’s security model, a copy of that used by InstaWallet, is also problematic. Using the URL as the password means that anyone who gets access to your browser can simply look through your history, open up your wallet and drain it within seconds. Accessing the wallet only through a private browsing mode (which the Tor browser bundle does by default) solves this problem, but also creates the problem of having to find a place to store the URL. To prevent attackers from easily finding it with a simple file directory scan, it would have to be stored encrypted, and at that point what you have is simply a more cumbersome version of a proper username/password authentication framework like that used by secure wallets like Blockchain. This is not to say that Instawallet is worthless; the wallet’s extreme usability makes it an ideal candidate for users who are just getting started with Bitcoin or don’t have time to set up an account at a more advanced alternative. However, Instawallet themselves recommend that you “please do not store more than some spare change here,” and since TORwallet’s fee structure implies that they expect people to be storing more than 16.7 BTC ($100) with them, they would do well to listen to Instawallet’s own advice.
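To make the history exposure described above concrete, the following added example (not code from the article or from either wallet service) audits a browser-history export for URLs that act as bearer credentials and masks them in its report. The hosts, tokens, the 16-character minimum and the entropy threshold are all constructed assumptions for illustration.

```python
import math
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of a browser-history export (hosts and tokens are made up).
SAMPLE_HISTORY = [
    "https://wallet.example/w/Zx8qLp2VtR7mKc4YhN9sBd3F",
    "https://news.example/2012/02/bitcoin-wallet-review",
    "https://wallet.example/login?next=/account",
    "https://mixer.example/status?key=9fK2mQx7RtL4pWz8Yc3VbN6h&lang=en",
]

# Assumed shape of a URL secret: 16+ characters from the URL-safe alphabet.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")


def bits_per_char(s):
    """Shannon entropy of the string's own character distribution."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def looks_like_secret(value, min_bits=3.5):
    """Heuristic: long URL-safe string mixing letters and digits, high entropy."""
    return bool(
        TOKEN_RE.match(value)
        and any(c.isdigit() for c in value)
        and any(c.isalpha() for c in value)
        and bits_per_char(value) >= min_bits
    )


def secrets_in_url(url):
    """Return path segments and query values that behave like bearer credentials."""
    parts = urlsplit(url)
    candidates = parts.path.split("/") + [v for _, v in parse_qsl(parts.query)]
    return [c for c in candidates if looks_like_secret(c)]


def audit(history):
    """Map each exposed URL, with its secret masked, to the number of secrets found."""
    report = {}
    for url in history:
        found = secrets_in_url(url)
        masked = url
        for secret in found:
            # Mask the token so the audit report does not become a second leak.
            masked = masked.replace(secret, secret[:4] + "[redacted]")
        if found:
            report[masked] = len(found)
    return report
```

Readable article slugs pass untouched because they contain no digits; any URL the audit flags should be treated as a stored password and cleared from history.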
Both of TORwallet’s key functions have superior alternatives as separate entities: Bitcoin Fog is the better mixing service, as it takes a smaller fee (randomized 1-3%) and a smaller minimum (1.00 BTC withdraw with no fixed fee component), and Blockchain is a stronger wallet. Furthermore, there is even a service which can be described as a mixing wallet done right: Silk Road. The Tor-based black market auction site runs all bitcoins passing through the system through a secure mixing service intended to be safe enough even for users engaged in illegal activities, and includes the send, receive and storage functionality needed to make a basic wallet work.
The last problem is that of trust. As we know from the examples of MyBitcoin and Bitscalper, anonymous services whose only function is storing money cannot be trusted: the profit that they would earn from running away with everyone’s coins at any point is high enough, compared to the profit that they expect to earn in the future by acting honestly, that it is often expedient for them to disappear. Deposit accounts can still be trusted; if the provider provides enough information about who they are and where they can be found, the threat of law enforcement will shift the calculus toward honesty, and even some anonymous services can be trustworthy. In the case of Silk Road, for example, users only need to store change in the service for a few days, and the owners have an effective source of fees, the future expectation of which is sufficient to continually entice them to conduct themselves honorably. TORwallet, however, is intended to be a long-term money storage provider, and has chosen to maintain their anonymity, placing them on par with Bitscalper in terms of the level of trust that they presently deserve.
The one feature that TORwallet does have over its alternatives is its direct accessibility through Tor as a hidden service, something which no other online Bitcoin wallet (except Silk Road and its ilk) has available. Aside from that advantage, however, the service has a long way to go in terms of implementing a reliable framework of security and trust. One suggestion would be to switch to a Blockchain wallet security model, where the wallet is stored encrypted and all calculations are done client side, and to seamlessly integrate the mixer into the wallet as a deposit mechanism – the wallet would show a deposit address to which users can send their funds, which automatically triggers a mixing service that sends randomly sourced bitcoins to the wallet that the user controls, perhaps less a 1-2% fee. This would solve the trust problem and the security problem while making it much more of a true “mixing wallet” at the same time. Abandoning the Instawallet URL-as-password model for something more secure is another necessity. As it stands, however, there are much better alternatives for the functionality that it provides.