I made a website listing the types of data leaked in monero transactions and providing case studies of how these leaks contributed to the arrest and prosecution of various monero users.
Monero users should consider switching to lightning.
Discussion
Bitcoiner of the month - cause who doesnโt love some shitcoin slander backed up with proof? #Bitcoin
This is awesome!! Thanks!!
Nothing bad to say about the Lightning project, maybe except posts like these.
You just know the Monero community and contributors are solid as rock and their first priority is privacy and security.
Working with BTC and non-custodial wallets is way over the head for most normie's. Monero is clean and simple, people have no problems recovering an old wallet on a new app.
Thank you for your work to orange pill the monero maxis, they really are team Bitcoin and would be great additions in Bitcoin circles. Monero maxis are the only shitcoiners I really respect... but they're still shitcoiners
How does any of this lead to Bitcoin if Monero gets LN capability post FCMP++ upgrade?
If at all, I want a stateless network on top of a private store of wealth.
by the time you guys get lightning working on monero, who knows how much farther ahead we'll be by then? You bank on playing catch up but it's a losing strategy
Maybe. Maybe not. I use LN today. I use Monero.
The thing is Monero Bros are far more open to use the right tools for the job than Bitcoin maxis.
If Bitcoin doesn't get banned by the state and stays spendable in regulated white markets with LN is perfect for me. Bitcoin onchain or LN is just one trade away from my Monero stack.
IMHO, Monero lacks some key features that make it a viable long term Store of Value, at least in comparison to Bitcoin. Lack of widespread acceptance, decentration, and frequent hard forks introduce significant risks to its SoV status, specifically when it comes to geopolitical risks and long term nation state adoption. Arguably even Bitcoin has risks of developer corruption or capture, so to me, Monero is at even greater risk here.
nostr:nprofile1qqs2vrneurk665gq6a2rke572y7mc8ppwr5wnd60mw8fwxharc8xsycpzamhxue69uhhyetvv9ujuvrcvd5xzapwvdhk6tcpzdmhxue69uhhqatjwpkx2urpvuhx2ue06qyqh2 thoughts โฆ?
Certainly not a subject matter expert here, nor do I have the time to try and become one. I've seen ST's anti-monero tirade from a far and can make one or two fairly big assumptions.
1. It's likely much more nuanced than either side claims.
2. Using self custodial LN privately is a much higher barrier to entry
> Using self custodial LN privately is a much higher barrier to entry
Of the four UX hurdles I outline on this page (https://moneroleaks.xyz/), monero has all 4 of them and lightning only has 1, which is this: lightning users also commonly reuse the LN-equivalent of a monero address, namely, they commonly reuse the same pubkey in all of their invoices. Not to downplay that problem, but if you just go by the hurdles I mention on that page, lightning fixes 3 out of 4 of them and monero fixes none of them.
Four of the UX hurdles you mentioned for Monero are either misleading (IP leaks - a network level privacy issue that applies to anything using the internet including Lightning), a stretch (claiming "many" monero wallets share viewkeys - vast majority do not), and optional (address reuse and contact lists - every wallet I know of lets you label addresses and automatically cycles through subaddresses to prevent address reuse)
my bad, got you mixed up with Seth on monero ๐คฆ๐ฝโโ๏ธ
So monero is not as private as we thought ?
Watch "Breaking Monero". Its flaws are well documented for years.
Monero protects the privacy of the user. If you run a criminal enterprise you need to take care of the anonymity as well which means bullet proof OpSec.
Monero can only protect you that far. With FCMP++ Monero gets rid of its currently weakest link. It still means that without good OpSec people are leaking incriminating meta data right and left.
In today's world neither Monero nor LN alone are good enough to protect you. They are mere tools.
If my life was on the line I'd choose Monero with a couple of precautions over LN anytime.
I love that LN is stateless and I am looking forward to see payment channels on Monero. The less permanent data there is, the better.
This also needs to take in account the data that can be intercepted. Only because LN is stateless doesn't mean CA companies and intel agencies aren't running massive nodes collecting data permanently.
I know the real reason why people never get caught selling drugs via lightning
At this point we need to encourage some BTC maxi to try their luck with a LNDNM. It'll be a great chance to learn a couple of things.
I know you have a strong detaste of LN, while I am just curious. All things should be tried and potentially competing with each other.
Thanks to tail emission I don't need to worry that any custodial or non custodial off chain transacting will kill the coin. Unlike Bitcoin.
> At this point we need to encourage some BTC maxi to try their luck with a LNDNM
Got ya covered: http://sva5te372puuuyhnp4mrspewm76x2jqnzgctdfde474owrdonu4xyoyd.onion/
Your wait is over! Shopstr is an illegal drug marketplace that takes lightning
you really like lying in service to bitcoin maximalism
https://media.ditto.pub/bac044ffa6e2a2519ff705bb0885f3ae3449c600367217fb0b3cddcba0a0d3cf.mp4
seems like you need to learn to search better -- people sell drugs on shopstr
nostr:nevent1qqspmdspuvr9kc8ftk7fdnde707twcajvpexnsvxfcgaf42x9x22wzgkrykek
Oh god the bitcoin maximalism is corsing through my veins
I feel like there's a much bigger picture to the case studies than simply the fact they used XMR for transactions.
Is this meant as a joke?
If your are retarded it does not matter what crypto currency you use you will get caught buying drugs when the drug dog at the post office sniffs your packages.
Technically, someone just sending something to your address doesn't make you guilty. They can't get a conviction just on that. So what they do is tell you there's a package they couldn't deliver and need you to come to the post office to pick up. If you come and claim it, they consider that to be acknowledging that you expected the package. If you just insist you're not expecting a package and cut your losses, though, there's not much they can do.
Also, use the post office, not a corporate shipper like UPS or FedEx. The 4th amendment only restricts the government, not businesses.
Of course, with the Trump administration flagrantly ignoring the constitution, all bets are off. You should theoretically be safe, but... Maybe don't tempt the racist gestapo if you're not white.
If DNM used LN instead of Monero you will have a bigger list than that yo show ๐
nostr:nprofile1qqs0npwnpyvheqz7zuvuwvv9k460c0hyqlturds40hhfn34vufvehwcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpz9mhxue69uhkummnw3ezuamfdejj7jjvevq nostr:nprofile1qqs0aup9twqg9r9g6dxrfmf6tjum97prck2qjpth6yksp0r8nz5a8ucppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctc8vntv7 nostr:nprofile1qqsgwucgya472r8fhta8uh3hfe8uha0fskdzryv0xjawl5qqw34h6dgpzemhxue69uhhyetvv9ujumt0wd68ytnsw43z7qgcwaehxw309aex2mrp0yhx6mmnw3shyepwdaexwtcpr9mhxue69uhhyetvv9ujumt0d4hhxarj9ecxjmnt9utrktrk
https://nostr.download/c16f1375ce0ae4426b9516acd118d4cb689d7874df47859987e428cecb0e148a.webp
Ive already read all of these
your very first "source" doesn't say what you claim it does.
show me where in
https://www.justice.gov/archives/opa/media/1352571/dl
they indicate "The Justice Department says they found the admin of Incognito Market by tracing his monero"
Don't see it anywhere in the document boss.
STNs standard operating procedure,
throw something together, lie about what the data says and make more work for the people who are interested in truth
Bro wants to work for the mockingbird media so badly it's not even funny.
In the cited document, look at pages 24-25, the section "LINโs Crypto Account-1 Received Marketplace-1 proceeds." In those proceedings, they show -- through a trace -- that Lin converted criminal proceeds into monero and then withdrew them to a monero wallet and then sent them to a KYC'd exchange to sell them.
They document 4 traces in subparagraphs i, ii, iii, and iv where he did this and they outline the technique they used to perform the trace. Then, in subparagraph vi, they state that they got Lin's identity because the exchange where they traced the money to had his KYC data, namely, his mobile number, his email, and his driver's license.
That is a trace where the identification and arrest of the target happened after, and due to, tracing monero.
If that's the case then it still has nothing to do with the feds tracing Monero, but instead is about using KYC exchanges i.e bad OPSEC.
Even the most anonymous cryptocurrency will not protect you if you KYC yourself.
> it still has nothing to do with the feds tracing Monero
It has everything to do with the feds tracing monero. You know why they knew he used that exchange? Because they traced his monero to it. If you stop them from tracing the money in the first place, they never learn what exchange he uses, and thus they don't know who to subpoena for user info.
They don't claim at all that they traced Monero. In fact they specifically mention tracing Bitcoin and DO NOT mention Monero at the top of the section just before they
"As described below,
Crypto Account-1 appears to have received substantial funds from Marketplace-1. Using software
tools, law enforcement officers have reviewed the publicly available Bitcoin digital ledger, as well
as the transaction history of Crypto Account-1, and learned the following, in substance and in part:"
They don't claim to have any transparency into his XMR transactions. According to them, they we watching the BTC blockchain, the swap service and the CEX.
LE got this information by identifying the person and their BTC addresses FIRST
And then watched them send their BTC through the swap and saw the Monero appear in their CEX account.
Zero transparency into the Monero transactions.
You are a liar calling this "tracing Monero"
And that's just the FIRST of your "sources"
this is exactly right. they were already watching his account in the CEX and saw the monero arrive there.
the moral is
"don't think that sending your surveiled Bitcoin through a swap to your exchange account makes them clean"
No it absolutely does NOT say that.
Subparagraph vi says:
"vi. Documents from the provider of Crypto Account-1 indicate that its user
provided Phone Number-1 as his mobile number, Lin Personal Email Account-1 as his email
address, and the below pictured Taiwanese Driverโs License as proof of identity. The below
Taiwanese Driverโs License, with redactions applied over certain identifying information, lists an
address in Taipei, Taiwan and the name is โๆ็ฟๅบ ,โ which is the Mandarin language spelling of
โRui-Siang Lin.โ In addition, the Taiwanese Driverโs License listed the driverโs license number
for โๆ็ฟๅบ ,โ (โLicense Number-1โ)."
Nowhere in the document does it claim they got his identity from tracing Monero.
In fact, according to this, you can't know if they traced Monero AT ALL, since it just states that he made swaps through to a CEX that had his KYC.
They make ZERO claim they had this information BEFORE they had access to his wallets.
You're lying for clout again.
when you see it all together like in this list
its clear that chain analysis has learned how to do basic poisoned output attacks against targets in the last few years.
everybody knew this was going to happen.
if you have that kind of targeted surveillance threat model,
and particularly if you move in and out of fiat often
you need to learn about the attack and probably churn your outputs.
#monero
Thatโs actually pretty eye-opening. A lot of people assume Monero is bulletproofโthis kind of breakdown is important. https://www.yachttrading.com/
I admire your dedication. It's neccessary to understand the flaws of an approach to find safer default settings and work arounds.
I have the belief that some of these things can and will get fixed in the future.
Looking forward to Monero getting LN capability post FCYMP++ upgrade.
I do not understand: "Every monero transaction leaks the amount received by the recipient to the sender"
Which payment method on the planet does not "leak" the amount the sender is paying to the receiver?
lightning
LN has prisms and atomic tx chaining, so the following scenario is doable: I buy the latest album for $10, not knowing that $5 of it went to the original artist and $5 went to the merchant. Thus, the sender doesn't know how much money went to the receiver and how much went to one or more other folks. Which is good, that's none of his business. But XMR needlessly exposes that private info to him.
where does that happen in real world?
Fountain App is a podcasting service with a feature called Splits where users pay a single invoice to "zap" a podcast they liked and the app automatically splits up the money to multiple recipients: https://support.fountain.fm/article/68-what-are-splits
See also Lightning Prisms: https://dergigi.com/2023/03/12/lightning-prisms/
Thanks. Whats the big advantage compared to the platform splitting up the payment? I pay 1000 sats to fountain and they split it up themselves, that way i also do not know how much each creator and the platform gets.
I think that is currently how fountain app does it
There are two possible advantages to doing it atomically, depending on how you do it: you can do it by atomically forwarding the funds to different destinations without telling the sender where the funds end up, which is better for receiver privacy, but allows the "middleman" server to steal by giving the sender an invoice that pays himself, without forwarding the money to the real would-be recipients.
Another way you can do it is, do the same thing except you *do* tell the sender where the funds end up, and include a signature from each recipient confirming that they will only reveal the payment preimage if they get their cut. By doing that, you give up on some of the receiver privacy, because now the sender knows the number of recipients, or at least a number of people who "claim" to be recipients (they could inflate this number), though he still doesn't know what amounts they get.
Whichever way you do it, you additionally break a heuristic that some routing nodes use to guess how much money was received in an LN payment; the heuristic they use is to guess that the ultimate recipient basically receives the full amount sent, minus some routing fees; but if you do an atomic payment split, how much the ultimate recipient gets depends on how the split is done, so the assumption no longer holds.
>"Many monero wallets share the user's "view key"..."
"Many" is a stretch. There are like one or two wallets that do this. Vast majority of Monero wallets do not. Cake Wallet even has a periodic background sync feature so you get the benefits of privacy from syncing and don't have to wait every time you open your wallet.
>"Many monero wallets connect to monero nodes via an RPC connection in order to broadcast transactions, thus leaking their user's ip address to whatever nodes they connect to..."
This isn't unique to Monero. It applies to any crypto, Lightning included, and anything that uses the internet. If you're using a custodial wallet or LSP you're leaking your IP to them. If you're using unannounced channels you're leaking your IP to the counter party. If you're using your own node you're leaking your IP to third party hops. Use Tor or a VPN.
Leaking an address to send monero to? You are most user get fresh addresses to receive on, right? And the transaction is not visible to anyone not directly involved at all. Rather large difference.
Stealth public keys are created continuously NOT a limited supply.
There is no such linkage stealth address and base wallet address that is visible inside a transaction and no transaction visible externally.
And all of this you badly try to make a weakness are part of and partial proofs of the massive privacy advantage of Monero over Bitcoin.
I hope Godzilla is okay
I donโt use monero and I wasnโt aware of most of the problems
Don't fall for it. Monero is defacto the most solid coin out there when it comes to utility, privacy, community with the most hardcore mathematicians working 24/7 to continue that path.
That is what these "agents" fear the most and why they spend so much time/money trash talking XMR.
I donโt see any โtrash talkโ or any โagentsโ. Iโm not familiar with monero so if there is a mistake in the statements I would appreciate when you name some other sources.