While the possibility of UTXO probing via Payjoin is a valid concern regarding privacy, it's important to note that it might not always come without cost for the attacker. The Payjoin recipient needs to validate the initial request, ensuring the sender's inputs are broadcastable. This means the recipient could, in practice, broadcast the initial transaction even if the sender aborts the Payjoin. Furthermore, implementing strategies like maintaining a set of 'seen inputs' can make such probing attempts more easily detectable and less effective. While these measures don't eliminate the privacy considerations entirely, they do highlight that recipients have potential defenses and that probing isn't necessarily a risk-free endeavor for the attacker.

On Tuesday, March 25, 2025 at 1:48:15 PM UTC+2 /dev /fd0 wrote:

Hi everyone,

Sometimes we are curious and want to know about UTXOs in other wallets. Payjoin allows you to do this and the recipient would never doubt it because it's a privacy tool. It's possible to find UTXO in recipient's wallet without sending any bitcoin. It's called UTXO probing attack and described in BIP 77-78.

I have shared a demo with all the details in this [post][0]. I have used bullbitcoin wallet for testing this because it was the only [wallet][1] which supports payjoin v2 (send, receive) and testnet3.

I think users should be aware of this tradeoff and the information they share with the sender in payjoin. Payjoin should only be used with trusted senders.

[0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
[1]: https://en.bitcoin.it/wiki/PayJoin_adoption

/dev/fd0
floppy disk guy

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com.