ELI5: Why does Bitcoin have a “privacy problem” and what does something like Monero do differently that eliminates that problem?


Discussion

Without knowing much about the technicals, I believe it obscures/combines transaction signatures by default - like a coinjoin perhaps(?), hides node IP addresses, and generates new sender addresses as well as receive addresses

As for Bitcoin, if you don’t run your own node (and/or use Tor/VPN), the node you broadcast txns to can see your IP address, as well as your xpub and combined wallet balance, if I understand correctly

Idk about xpub being revealed. Why would that be necessary?

I could be wrong about that. Might be conflating that with the watching wallet software 🤔

Broadcasting doesn't reveal xpub; querying for transactions can.

In a nutshell the means of receiving and sending is more privacy centric with Monero

The Bitcoin ledger allows tracing addresses through transactions back to their original issuance. This helps perform verification at the cost of privacy on that backward history as entities can log what they know about sender/receiver.

Monero uses a ring signature format which helps make those transactions more confidential for spends. Think of a group where anyone can sign but you can't ascertain who in the group actually signed. The amounts are also hidden and for receiving stealth addresses are used.

For Bitcoin to achieve some pseudo-privacy requires various forms of obfuscation. Commonly mixing and coinjoins, stonewalls, send to exchange/federation/hub and withdraw (that central trust point can in some cases correlate depending on time in and amounts), swap to other coin(s) and back

xmr is like btc with a coinjoin-like-function built in

It is much stronger than that. The built in "coinjoin-like-function" of Ring Signatures (15 decoys) is only 1 of 4 layers of Monero privacy tech. It is one of the weakest parts and only for senders. Dandelion++ also obfuscates IP origination.

The parts that make Monero really shine are:

Confidential Transactions completely hides amount

Stealth Addresses completely hides receiver

Simple example of a Monero transaction:

~6% chance Alice sent $[?] to [?]

Unlike simple coinjoins, the transaction graph connecting senders to receivers doesn't exist. Amounts are not available to analyze either. All you could know from just looking at a blockchain transaction is a 64-character string maybe signed a Monero transaction.

How much? To who? That is unknown.

* stealth addresses (receiving privacy, can be reused and don't reveal all txs)

* ring signatures (obfuscates which utxos are being used)

* confidential transactions (amounts are encrypted but still add to 0 for each tx and can be verified using zero knowledge proofs)

* network level anonymity by blinding ips using dandelion++

It's hard to prove you have a part of the fixed 21 million btc if you can't trace all the btc thru transactions to prove they are all real.

Monero prioritizes privacy over supply auditability

And thus it cannot be a store of value.

And I'd guess that it's difficult if not impossible to build a state channel overlay like LN, which then becomes more private than Monero with enough hidden nodes.

Encryption < not publishing private data.

A published ciphertext can be analysed. Unpublished data does not exist outside where it was exchanged.

This is such a hard point to drive thru to Bitcoiners. I feel it is more ideological than anything...

YOU

DONT

HAVE

TO

SAVE

WITH

MONERO

Use it!

*Today* and for the near foreseeable future, Monero is much more private than LN. What good will future privacy do if you can be revealed if you use LN today?

In the future, LN is more private, since it is not recorded on a blockchain as you say *IF* (Big IF!) no one is currently saving that data. We know chain analysis is very likely saving that data! And we have no clue if central hubs are saving most network data!

Let us look at Darknet Markets. Increasingly using Monero. Soon to overtake Bitcoin. True skin in the game, their literal lives are on the line, and ultimate market test.

You can trace all bitcoin transactions. You just can't always say who was who. The UTXO set adds to less than 21 million, and always will.

Monero is not auditable and because of obfuscation has far less payment ledger capabilities. No RBF, so CPFP no fee market. If it got too popular it would end up with a nasty mempool bitrot problem.

It is probable the weak obfuscation of Monero is no stronger than chain analysis Vs coinjoins.

It's a one trick pony right now, and with enough LN on Tor or similar, obsolete.

The main claims relate to darkweb arrests. But most of these depended on a lot of evil nodes on the anonymising network and had nothing to do with Bitcoin. UTXO is mostly private.

If you want more than this, please donate to Indra so we can bring scalable privacy to the internet.

See my profile for info re Indra.

Monero relies on pedersen commitments and range proofs for auditability. It's built on the foundation of sound cryptography from the 80s. True, you cannot just look at the blockchain like Monero and do "simple math" to add everything up.

But then again, what bitcoiner does that? They just run a node and pay no mind just as Monero. No bitcoiner is making sure every new block (all inputs) = (all outputs). So in practice that is a weak point.

RBF has its own trade-offs. Where 0 conf payments used to be pretty safe for small amounts on btc, it makes them way riskier and lowers convenience/usability in that respect.

Monero doesn't only have obfuscation...you are very misinformed sir. Sender is the only part that is obfuscated thru ring sigs. Monero uses ZKPs/encryption for amounts and receivers. There is no connection graph linking senders and receivers. There is no amount analysis either. Simple examples:

Monero: ~6% chance Alice sent $[?] to [?]

Bitcoin Coinjoin:

[Alice, Bob, and/or Carol] sent [$X, $Y, and/or $Z] to [Dave, Eve, and/or Frank]

Encryption > Obfuscation

Monero privacy is much stronger than merely coinjoining where the range of possible amounts and connections is completely available. There is always potential to combine with future data to deobfuscate a coinjoin tx. And it has happened many times.

https://www.wired.com/story/silk-road-bitcoin-seizure-james-zhong/

I think I linked the wrong article. Here is the correct one: https://blockworks.co/news/silk-road-hacker-sentenced

Bitcoin is a public blockchain. Monero is not. So naturally Monero has stronger privacy and all by default. Trade off: not as strong/simple/transparent auditability as bitcoin, but it can still prove all inputs and outputs equal out to 0 thru complex math via pedersen commitments and range proofs.

Bitcoin relies on coinjoins for privacy. But nothing is hidden. All possible connections and amounts are available to parse with future data and deobfuscate a coinjoin. There is a whole industry dedicated to it. Chain analysis. Example: https://blockworks.co/news/silk-road-hacker-sentenced

Monero transaction graph between senders and receivers doesn't exist. And analysis of amounts doesn't exist. Example:

Monero transaction: ~6% chance Alice sent $[?] to [?]

Ring Signatures: obfuscates senders

Confidential Transactions: completely hide amounts

Stealth Addresses: completely hide receivers

Dandelion++: obfuscates IP address a transaction originated from
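Two of the pieces the replies keep coming back to, confidential amounts that "still add to 0 for each tx" via pedersen commitments and range proofs, and stealth addresses that can be reused without linking the payments, are easier to see in code than in prose. The Python below is an added example written for this thread; it is not code from any poster or from the Monero project. It assumes a 64-bit prime-order subgroup of Z_p* (found deterministically at import) in place of Monero's ed25519 curve, and a hash-and-square trick to get the second generator H, so it demonstrates the algebra only, with toy parameters. It also shows the gap the balance check leaves on its own: an output whose amount wraps around to "minus one" still balances, which is exactly what the range proof is there to rule out.

```python
"""Toy model of two Monero building blocks discussed in the thread: Pedersen
commitments (hidden amounts that still provably balance) and stealth
addresses (one reusable address, a fresh unlinkable output key per payment).
ASSUMPTION: a 64-bit prime-order subgroup of Z_p* stands in for ed25519;
same algebra, written multiplicatively. Toy parameters, not Monero's."""
import hashlib
import secrets

def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(start: int):
    """Smallest q >= start with q and 2q+1 both prime (deterministic setup)."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _safe_prime(1 << 63)  # modulus and prime order of the subgroup
G = 4                         # 2^2 is a quadratic residue, so it has order Q

def _hash_to_group(label: bytes) -> int:
    """Second generator H with log_G(H) unknown: hash, then square into the subgroup."""
    counter = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + bytes([counter])).digest(), "big") % P
        h = pow(x, 2, P)
        if h not in (0, 1):
            return h
        counter += 1

def _hash_to_scalar(*parts: int) -> int:
    data = b"".join(v.to_bytes(16, "big") for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

H = _hash_to_group(b"pedersen-H")

# --- 1. Confidential amounts: Pedersen commitments ---------------------------
def commit(amount: int, blinding: int) -> int:
    """C = G^amount * H^blinding mod P: hides amount, yet binds to it."""
    return pow(G, amount % Q, P) * pow(H, blinding % Q, P) % P

def build_commitments(in_amounts, out_amounts):
    """Blind every amount; the last output blinding is chosen so the sums match."""
    in_blind = [secrets.randbelow(Q) for _ in in_amounts]
    out_blind = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    out_blind.append((sum(in_blind) - sum(out_blind)) % Q)
    ins = [commit(a, b) for a, b in zip(in_amounts, in_blind)]
    outs = [commit(a, b) for a, b in zip(out_amounts, out_blind)]
    return ins, outs

def balances(in_commits, out_commits) -> bool:
    """Verifier: product(inputs) == product(outputs); no amount is ever seen.
    An output of amount Q-1 (i.e. -1 mod Q) also passes: that is the
    inflation hole a range proof closes."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs

# --- 2. Stealth addresses ----------------------------------------------------
def stealth_keypair():
    """Recipient's view key (a, A=G^a) and spend key (b, B=G^b); (A, B) is the
    reusable public address."""
    a, b = secrets.randbelow(Q), secrets.randbelow(Q)
    return (a, pow(G, a, P)), (b, pow(G, b, P))

def send_to_stealth(A: int, B: int, r=None):
    """Sender: random r gives tx pubkey R=G^r and one-time key G^hash(A^r) * B."""
    r = secrets.randbelow(Q) if r is None else r
    shared = pow(A, r, P)
    return pow(G, r, P), pow(G, _hash_to_scalar(shared), P) * B % P

def scan_output(a: int, B: int, R: int, one_time: int) -> bool:
    """Recipient: R^a == A^r, so only the view-key holder recognises the output
    (the spend key b + hash(shared) is what then unlocks it)."""
    shared = pow(R, a, P)
    return pow(G, _hash_to_scalar(shared), P) * B % P == one_time
```

The real construction differs in the details (the ed25519 curve, an explicit fee term in the balance, Bulletproofs for the range proof, ring signatures over the spent outputs), but the two checks shown, product of input commitments equals product of output commitments, and recipient-only recognition of the one-time key, are the ones the replies above are describing when they say amounts and receivers are hidden rather than merely obfuscated.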