Replying to Papa Figos

nostr:nevent1qqsdwucxszkkdt9uefmhcvw9dmf743j4qnmy9qlfy2fp8a4k3ddzzugpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygqapqs2chzvkdlt0ryt0p2lclt9t5pwtth8yvfuzht74l0w7x3h6vpsgqqqqqqscmpkrs

Sorry, not sure how to link this properly, but I answered someone else regarding LN vs Monero earlier.

As always, it's a matter of tradeoffs. I use both, and if merchants accepted both equally, I would end up defaulting to LN up to about $1000 and anything else Monero.

It's not just about LN channel liquidity either, all LN wallets are hot, and I'm only comfortable holding so much in a hot wallet.

As Sowell used to say, there are no solutions, only tradeoffs.

The issue with the Monero tradeoff is it will grind to a halt once too many people use it. But sure, enjoy while you can!

Some problems you mentioned are applicable to Monero as well (e.g. IP address - just use Tor in both cases ffs) or are hugely inflated.

The biggest one is the ridiculous idea that merely being offline for too long makes you vulnerable. It doesn't. To steal, an attacker must predict with very high probability whether you will be online the following x days, where x is configurable, being 14 in many wallets IIRC. The attacker must literally predict the future. But I don't blame you, this idea is spread by even the otherwise smart bitcoiners.

Also don't forget that Monero has a bunch of problems. There are serious edge cases that can break privacy and it also historically had a catastrophic cryptographic bug that was luckily caught soon enough.

It's correct that there are only tradeoffs, however most people are not properly informed about all of them.

Discussion

Same with bitcoin, neither one scales as it exists now. There's nowhere near enough block capacity for even 1/4 of people on the planet to open a channel in any timely fashion.

The IP issue is a bit different, in lightning your peer will know your IP, but also your channel id, balance, etc. Compounding that is the fact that the non-custodial lightning wallets (where you don't run a node on the phone a la zeus) that are more widely used, use trampoline routing. So they know who you're paying.

In Monero you have the issue where a malicious node can error out as you attempt to spend, and if you resubmit the tx one of the outputs in the decoys will remain constant, revealing that you own it.

As far as I know that's the only thing. But yes, at the network level, use Tor and to some extent mitigate either scenario (which 99% of users will never do of course).

The LN scenario leaks more info if you compare them side by side.

Regarding the funds potentially being stolen after 2w, it's not about the attacker predicting the future or not. It's about there being a constant risk as well as the incentive to do so.

Since most (99%+) channels are public, and since most user channels are not involved in routing, it is trivial for an attacker to monitor usage patterns and increase their odds.

I don't know about you, but for me I would not risk having on lightning any amount that I would regret losing in the first place, first because it's a hot wallet (pretty much the entire network is, really, which is yolo at its finest), second because a year from now when I check, the funds might just not be there anymore.

There is also the issue of upkeep. I don't run any LN nodes anymore because the hassle simply wasn't worth it.

Finally, regarding edge cases, yes they exist, but the known ones will be going away with FCMP soon™. They're easy enough to work around, but I agree, it's a weakness. A small one in the grand scheme of things, but it doesn't have to be there - which is why they're going away.

About the catastrophic bug, yes, I am aware. And it was luck indeed.

But don't forget Bitcoin has suffered a catastrophic inflation bug (see https://en.bitcoin.it/wiki/Value_overflow_incident ) in the past, requiring a rollback of the chain (which never happened in Monero), as well as a host of serious bugs that would've ground the network to a halt (could link them here, but they're easy to find).

In other words, software has bugs.

Lightning, incidentally, has had its fair share of trainwreck bugs as well as potential ones (see https://protos.com/bitcoin-lightning-bug-could-jam-and-steal-millions-of-dollars/ and https://protos.com/bitcoin-lightning-network-users-could-have-lost-millions-in-jamming-attack/ and https://protos.com/researchers-discover-critical-bitcoin-lightning-network-vulnerability/ and dozens of others), further cementing in my mind that it's not worth it to risk having a lot of money there.

And because using lightning non-custodially implies opening channels, and each onchain tx is another nail in the coffin privacy-wise.. I end up defaulting to Monero most of the time.

Now, don't get me wrong, it would actually be less friction if I could use BTC privately without all the tradeoffs just mentioned, since I basically hodl zero Monero proportional to Bitcoin.

But I care about privacy as a human right a lot, and unfortunately Bitcoin and privacy rarely go well in the same sentence.

I wish that were different, but it isn't right now, at least not satisfactorily in my analysis, which is exactly why I use Monero.

It's not that much about block capacity (which is determined by Internet capacity, btw) but more about computation. In Monero it's roughly quadratic, in bitcoin it's linear. (I'm simplifying, it's not about precise numbers.)

If you want privacy on LN you need to use an appropriately private solution. Complaining about shitty LN wallets is dishonest because shitty wallets exist for Monero too (sending the view key to a server). Side note: trampoline routing was specifically invented to protect sender's privacy. You're confusing it with something else.

Another Monero issue: if you repeatedly (at least twice) get your xmr from the same source that knows your identity (e.g. KYC exchange) and then use it to buy something from the same entity (e.g. dark market) and the data of the receivers leak (feds close the market) then it's possible for your money source (or whoever coerces it to hand over the data, e.g. feds) to track you down with extremely high probability. This vulnerability doesn't exist in LN. (I'm assuming in both cases you withdraw coins to your wallet first.)

The key difference between LN and Monero is if LN leaks only some entities get the information. Monero is stored onchain forever (e.g. the edge case above) which is quite ironic since Monero fans were criticizing Bitcoin for precisely this reason.

The incentive to steal on LN is pure fantasy. The thief is risking loss with quite high probability. And funnily enough, there exists incentive to trick thieves into attempting to steal because that results in reward. Thus it's safer to not steal.

I also don't get the obsession with hot wallet issue. Whether you lose money on LN with some low probability or to Monero inflation with certainty doesn't really matter much.

I don't understand why you replied to me replying to you saying that LN has bugs by pointing out that Monero has bugs too with mentioning Bitcoin has bugs too. You said it already. Everything has bugs, let's focus on design instead.

The irony in LN is that "public" channels are actually private and "private" are actually public. And whoever claims that 99% of channels are public is pulling it out of their ass because nobody sees how many private channels exist. And "public" also means "involved in routing", so you're contradicting yourself.

Monitoring LN is much more costly and complicated than people imagine. The attacker must provide many high-quality nodes that actually provide good service.

Also it seems you've fallen prey to another myth about onchain opening/closing transactions leaking stuff. It effectively doesn't. The information is super scrambled by the time you close channel, nobody can tell shit from it.

Finally, I don't understand your rhetoric. You mention that you want privacy for yourself but at the same time you're mentioning "most people". Which is it? "Most people" will never use Monero anyway, so why bother with them? Better onboard them on LN even with shitty wallets because they at least increase the anonset. 🙂

Really enjoying the debate here, but this one will take awhile to reply to, as you raised many points, and given the season, it might take me a few days.

Would you like to keep going? I can schedule typing a coherent answer at a later date.

Right, it took me some energy as well, having a little break sounds good. 🙂

You don't accurately explain the EAE attack that's possible on Monero.

It's NOT "if you get Monero twice from the same KYC source (Eve) and use it with an entity cooperating with Eve".

More information below.

Also, the possibility of this attack will be eliminated in the next update of the Monero network.

Monero privacy guarantees are actually guarantees.

LN can't provide that, and you or most (all) end users can't quantify WHAT privacy they have.

https://www.youtube.com/watch?v=iABIcsDJKyM

FCMP will introduce L2s if that is your worry. And if technology continues getting better and rate of adoption is steady, as it has been, that problem may never happen.

Monero is the only one that protects your IP address by default if you run your own node via Dandelion

Even Monero with "catastrophic cryptographic bugs" (not sure what you're referring to) still offers better privacy than Bitcoin with no bugs or current state of Lightning how the vast majority of users are using it. But yes, I agree everything has trade-offs.

What's your privacy good for if you lose the money you're protecting anyway?

It's quite strange how many Monero fans don't know history of it while simultaneously mocking bitcoiners for very similar events. I have the inflation bug in mind. I remember reading about it at some point between years 2016 and 2018, not sure more precisely.

Anyway, good that L2 is finally on the table. Dandelion was considered for bitcoin but IIRC it introduces DoS vulnerabilities. Not sure if Monero solves them or YOLO implements it anyway.

But again, if we look at what actually happened, it's bitcoin that's had an inflation bug.

Monero had a flaw that luckily (and yeah, it was just dumb luck) was never exploited.

Back in the day bitcoin was rolled back and the billions of bitcoins created just vanished. Would that work today? Probably not. Or it would at least severely hamper trust in the system.

Bitcoin was very small back then, it's no longer the case and it hasn't been for awhile.

This to say, transparent or opaque, you can have inflation bugs all the same. And ironically (because the opaqueness of Monero is often criticized in the context of it potentially giving rise to such bugs) it actually happened in Bitcoin.

At the end of the day, there are different tradeoffs. In the case of this specific critical Monero bug that was not exploited, it was possible to scan the chain for exploitation of the bug. I am not 100% certain that this would be possible for every kind of bug of the sort, the answer is probably not - so it is an ever-present risk that Monero's supply might not entirely match the expected curve.

In short, Bitcoin's radical transparency doesn't *prevent* inflation bugs from being exploited, as its history shows, but the transparency does allow for quick detection of such an attack, at the cost of unintentionally (to be charitable) facilitating a mass-surveillance system, even though it is dubious that Bitcoin's reputation wouldn't take a massive hit if another inflation bug is exploited and the chain needs rolling back again..

.. whereas Monero's opaqueness doesn't *necessarily* prevent us from scanning the chain for exploits, at least in some of the potential scenarios - we know because this happened - while enabling every user to have pretty decent privacy and anonymity, with some edge cases (for the moment) which we already touched on previously.

As always.. there are no solutions, only tradeoffs.

All things considered, the wiser option to me seems to be holding BTC even considering the ever-looming possibility of another inflation bug, while spending Monero as digital cash whenever possible.

By "lose" I meant the network being destroyed by the scaling issue and inflation that's already happening, not bugs.

Monero could also implement a periodic turnstile to ensure supply is sound. But that's not a perfect solution either.

Inflation bugs have nothing to do with privacy or scalability, but yes, that will always be a problem with crypto in general. Although easier to detect, Bitcoin is not inflation-bug proof as you know, and once one is taken advantage of there is no good fix. You have to either leave the fake coins and devalue the entire network or hardfork them out and screw over users who gave away real goods and services for those fake coins.

afaik Dandelion++ fixed some of those original DoS issues

You should also put a table of how much the cost of running Monero rises with the number of users. In bitcoin the relationship is linear* with number of users. In Monero it's linear* with number of TRANSACTIONS. Huge difference, the number of transactions depends on number of users over time but also amount of economic activity. I estimate it's quadratic or worse with respect to number of users which is a huge difference compared to btc.

*linear - I'm aware of "The myth of RAM" and I know it's actually n*sqrt(n), I used it for simplicity of comparison. With the myth of RAM accounted, it's even worse for Monero as it's something like n^3 for Monero vs n*sqrt(n) for Bitcoin.

Yep, it's heavier and requires more resources vs Bitcoin, I won't argue with that. Like I said, I guess it depends how quickly one figures the rate of adoption and technological advancements will be.