OPSEC using coinb.in?

If I download and run it offline, what other things do I need to do for mitigating risk? Is it generally safe other than the javascript in the creation tools?

thx!


Comments


[1 Points] sapiophile:

The main concern about JavaScript isn't so much the language or code itself, but its integrity and trustworthiness from the source. It becomes a problem when it is re-loaded every single time from a website, which can deliver modified JS at any moment, in any single instance of a visit to a website. That means you might use a good service 100 times, and on just one of them, the JS is modified (either on the server or in transit) to compromise your privacy, and you'd have little way to know unless you manually inspect every bit of code that's loaded every time.

So, when downloading and running JavaScript locally, the risks are much lower. I would say that the code should absolutely be GPG-signed by a trusted and authenticated author, but as long as the code is clean when you download it, it shouldn't cause any problems (excluding, of course, the possibility that the code was malicious or buggy to begin with).


[0 Points] lordredvampire:

Just hide behind a reliable and trustworthy VPN (like cryptostorm or mullvad) and you should fine. You're using JoinMarket to tumble coins, no?