it's not totally useless.

you can see where that stealth address pops up as a *possible* input in the future.

you just don't know if it's a decoy or a true spend.

nostr:nprofile1qqsd4dkxqewy8xum47ctpu0ltgxxsfemeewpjkdyzk9ddfcg286s0dsppemhxue69uhkummn9ekx7mp0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq36amnwvaz7tmwdaehgu3wvduhq6r9wfc82mnt9e6x7erp0yhs4deh46 illustrates this technique here

https://www.youtube.com/watch?v=-sTT84Up7FY

Discussion

But shouldn't it be statistically impossible to determine if it's a decoy or not, if decoys are selected in an intelligent manner (i.e. in a random distribution)?

that's basically correct

but there's nuance, as always.

Because we know the age of outputs, we don't want a *completely random distribution*. We want a distribution that matches the age distribution of *how people actually spend*

But we don't know how people actually spend because everything is obfuscated

What we can do is guess and do statistical analysis on how we *think* people spend and compare that to what actually appears on chain

As I recall STN's Monero tracing tool (which doesn't actually trace Monero 🙄) heuristically identifies old outputs as the likely spend because the generally used decoy selection algo is biased towards recent outputs, making old outputs stick out.

That sounds like a glaring issue. Are heuristics like that any good?

nobody knows, which is kind of the point.

pretty much everyone agrees that older outputs are more likely to be cold storage or lost coins or whatever.

but nobody knows *how much more likely*

there's considerable debate if it's even knowable at all.

so for now, it's just comparing a guess about what someone thinks the real age distribution of spends should be

against the age distribution that appears.

decoy selection is hard and this has always been a problem. which is why Monero will move to full chain membership proofs and dump ring signatures altogether.

Check the video. If you do three purchases and then there's a single transaction that has all three txouts in its ring sets, it's probably a sweep transaction spending all three outputs, the chance of all three selected as decoys randomly is almost zero.

If you know the address, you can poison it by sending some XMR to it and then you can identify the spend with almost 100% probability - if they choose to use them in the same tx.

So you come from "no one can see anything" assumption to "I need to do coin control to keep my privacy".

So what's the fix? That's like something that's easy to accidentally do...

use Feather wallet and manually churn each output at random times 😕

consolidate in a similar fashion, 2 outputs at a time

Exactly. And donate unwanted spam small Monero to GrapheneOS foundation.

The thing is - you can't just ignore it and assume Monero solves privacy problems for you like magic.

BTW: I think also Cake has coin control

on that note

I use another mobile wallet, Monfluo (fork of pokkst's Mysu) which also has basic coin control.

I wish I had the problem of incoming spam transactions...

If you have multiple outputs you can combine them two at a time at random intervals until you end up with 1 output. Then churn that a few times. I keep all my monero in one output.
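The age heuristic discussed earlier in the thread, worked through as an added example that is not from any participant or from Monero's code: given the ages of one ring's members, a decoy-age distribution and a *guess* at the true spend-age distribution, it computes how likely each member is to be the real spend, and shows how much the answer moves with the guess. The gamma parameters, the 16-member ring and all function names are assumptions constructed for illustration.

```python
import math

# Assumed recency-biased decoy picker: ln(age in seconds) ~ Gamma(shape, rate).
DECOY = (19.28, 1.61)
# Three hypothetical guesses at how people really spend (same family, lower rate = older).
GUESS_SAME = DECOY            # spends look exactly like decoys
GUESS_MILD = (19.28, 1.45)    # spends skew somewhat older than decoys
GUESS_STRONG = (19.28, 1.20)  # spends skew much older than decoys

# Constructed ring: 15 members aged 1 hour to ~11 days, plus one 400-day-old output (last).
RING_AGES = [3600 * h for h in (1, 2, 3, 5, 8, 12, 20, 30, 44, 60,
                                80, 110, 150, 200, 260)] + [400 * 86400]

def log_gamma_pdf(x, shape, rate):
    """Log density of Gamma(shape, rate) at x > 0."""
    return (shape * math.log(rate) - math.lgamma(shape)
            + (shape - 1) * math.log(x) - rate * x)

def real_spend_posterior(ages_seconds, decoy, spend_guess):
    """P(member i is the true spend | all ages), assuming exactly one member
    was drawn from spend_guess and every other member from decoy.
    The posterior is proportional to spend_pdf(age_i) / decoy_pdf(age_i)."""
    log_w = []
    for age in ages_seconds:
        x = math.log(age)
        log_w.append(log_gamma_pdf(x, *spend_guess) - log_gamma_pdf(x, *decoy))
    top = max(log_w)  # subtract the max before exponentiating for stability
    weights = [math.exp(v - top) for v in log_w]
    total = sum(weights)
    return [w / total for w in weights]

def old_output_probability(spend_guess):
    """Posterior that the 400-day-old member of RING_AGES is the real spend."""
    return real_spend_posterior(RING_AGES, DECOY, spend_guess)[-1]

if __name__ == "__main__":
    for name, guess in (("same as decoys", GUESS_SAME),
                        ("mildly older", GUESS_MILD),
                        ("strongly older", GUESS_STRONG)):
        print(f"{name:15s} P(old output is real) = {old_output_probability(guess):.3f}")
```

If real spending matched the decoy distribution, the old output would be no more suspicious than any other member (1 in 16); the further the guess departs from the decoy distribution, the more it stands out, which is why the result is only as good as the guess.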