Nostr Web Client

So much bullshit, so little time...

lets start here,

mind showing me where on the monero website it says "users should delete and make an entirely new wallet for each use"?

Evidence against reusing a monero wallet: “If you need perfect unlinkability of your receivables, the only solution remains to use a separate seed (separate Monero wallet).” source: https://docs.getmonero.org/public-address/subaddress/

Evidence against reusing a monero address: “To prevent the payer from linking your payouts together [you must] generate a new subaddress for each payout.” source: https://docs.getmonero.org/public-address/subaddress/

Evidence for running a monero node, not a phone wallet: “It's always advisable, especially for privacy-conscious users, to use a personal node when transacting on the network to achieve the highest rate of privacy.” source: https://www.getmonero.org/get-started/faq/

Evidence of difficulty of using monero on tor:

Reply to this note

Please Login to reply.

Discussion

goatmeal 2w ago 💬 1

I don't understand why it's worth the effort to make a big deal out of the address reuse mistake. does lightning not have bolt12 and lnurl? if you reuse these, the sender will infer that it's you both times.

Super Testnet 2w ago 💬 2

> I don't understand why it's worth the effort to make a big deal out of the address reuse mistake

Because address reuse is bad for privacy (the monero website recommends against it) and yet most monero wallets are designed to encourage it

> does lightning not have bolt12 and lnurl? if you reuse these, the sender will infer that it's you both times

Yes, that is equally bad for user privacy

goatmeal 2w ago

I agree, address reuse is bad for privacy. but I have used multiple monero wallets and they tend to show a fresh, unused subaddress by default, just like most bitcoin wallets.

you can also tell which specific subaddresses got paid, and by how much. if someone guesses that you own different subaddresses and decides to pay you on the "wrong" one, you can see them doing that.

it's not very exciting to talk about opsec mistakes that are possible on both monero and lightning, or which can be easily mitigated. thry both have reusable addresses and neither of them forces you to reuse it.

additionally, tor is already baked into monero's electrum fork and it's a preview feature in cake wallet. some wallet developers have started looking at i2p as well. I am unhappy that it's necessary but I wouldn't exaggerate how difficult it is to integrate.

Super Testnet 2w ago 💬 1

Do those monwro wallets also show a contact list? Such features encourage address reuse, thus creating additional UX hurdles -- if you recommend a "user-friendly" monero wallet, you're probably recommending a privacy-harmful monero wallet

goatmeal 2w ago 💬 1

yeah, and these super dangerous wallets also have a way to export your seed phrase. this can be privacy harmful if you accidentally write it on your forehead

they have a way to view your transaction history and some of them let you export it to CSV. this is incredibly dangerous for privacy in case you make a mistake and fax it to the police station

2Pac 2w ago 💬 1

🤣

Legit lol at this

goatmeal 2w ago 💬 1

I found a critical vulnerability that affects all monero wallets. they display the transaction amount on the user's computer screen. this will leak information about how much cocaine the user buys if the chupacabra sneaks up behind them and looks at the screen.

I disclosed the vulnerability to the featherwallet developers and they have been ignoring it for 8 months!

none of the lightning wallets are affected by this vulnerability because you cannot use lightning to buy cocaine anywhere.

2Pac 2w ago 💬 2

Glad we can finally put this privacy debate to bed

😆

Oshi (推し) 2w ago 💬 1

Thank the lord

Hanshan 2w ago

its good for everyone to see the discussion happen ❤

Hanshan 2w ago

it would be a lot easier to have a discussion about it

if certain parties didnt disingenuously insist that obviously dissimilar things were comparable

it requires A LOT more explanation to make it clear to the non-technical person why for example, its harder to link spends in monero than for most LN users

BuT iT TAlkS abOuT uSIng a dIFFeRenT WAlleT oN gETmOnEro dot ORg

Hanshan 2w ago

So this is the point in the conversation where STN starts talking about problems with blockchain privacy,

but somehow makes it all about Monero.

i guess because the monero website talks about these problems?

and yea, transacting on an L2 solves some of those problems.

LN remains an beta-tested and largely ignored payment system and you don't know how it's going to play out.

for example.

in actually practice, since most users either have one big channel with an LSP

or are using phoenix or muun or something,

you don't have unlinkabiity of txs on LN EITHER.

GTFO with that bullshit

Super Testnet 2w ago 💬 3

> STN starts talking about problems with bbllpckchain privacy, but somehow makes it all about Monero

These problems apply to other blockchain-based privacy systems too

The fact that other terrible systems also have these problems is no excuse for monero

Hanshan 2w ago

leave it.

transaction unlinkabiity is better using monero subaddresses with the monero gui wallet or whatever

than with Phoenix or muun or any sovereign node with just a channel or two

and that's #facts folks

Super Testnet 2w ago 💬 1

Then how come I can trace my xmr transactions to you but you can't trace your xmr transactions to me? I'll even use Phoenix if it helps you

Super Testnet 2w ago

Oops, I meant "your LN transactions to me"

Hanshan 2w ago 💬 1

are you drunk?

that isn't what we are talking about.

YOU'RE saying because there's a possible *active attack* on a monero user that could be executed by a sophisticated adversary that could result in them linking two subaddresses together (OMG),

users should always send from a new wallet by default.

(which is bullshit)

and as if most LN users transactions aren't trivially linked together by their custodian or the one or two LSPs they have a channel with...

now you want to talk about knowing where the money goes?

well ok I guess

but you haven't said anything about your first FUD yet.

Super Testnet 2w ago 💬 1

> which is bullshit

If "create an entirely new wallet for every tx" is bad advice then maybe submit a PR to withdraw that advice from the monero project's website

> most LN users transactions [are] trivially linked together by their custodian or the one or two LSPs they have a channel with

I acknowledge that most LN users are not using it in a privacy preserving way. Do you acknowledge that most monero users aren't?

Hanshan 2w ago

And since I don't want to do a real long one of these and go through and count all the disingenuous bullshit,

just one more

thank goodness everybody now knows that you can avoid the trials and tribulations of passing those flags to your Monero node,

by just running a full stack lightning node.

Super Testnet 2w ago 💬 1

To get decent privacy on monero, you have to install and configure a monero node

Might as well get superior privacy by installing and configuring an LN node instead

Hanshan 2w ago

nobody who has even done both of these thinks they are equivalent ,

and you look dumb suggesting they are similar.

Yena 2w ago

Lots of more privacy problems listed on the OFFICIAL getmonero website. Lightning does not have these issues. Admits monero users will be POOR:

"If you use Monero but give your name and address to another party, the other party will not magically forget your name and address."

"If you give out your secret keys, others will know what you've done. If you get compromised, others will be able to keylog you."

"If you backup your seed in the cloud, you'll be poorer soon"

read it for yourself!

source:

https://www.getmonero.org/get-started/faq/#anchor-magic