Replying to Avatar Super Testnet

Both of these stories start with exchanges telling the authorities what pubkey received their money. The fact that they *know* what pubkey received their money (and can prove it) is a design flaw in monero. Lightning fixes it.

Also, in both of these stories, after the money went from the exchange to the user's pubkey, the analysts watched the blockchain to see where the money moved next, and it went to another exchange with a probabilistic identifier marking the user's pubkey as a possible sender. This enabled them to contact that exchange and find out the user's identity, which led to an arrest in one case and better evidence for the charges in the other.

Lightning fixes this too, because not only does lightning not tell them what channel the money went into in the first place, but when it moves out of the channel, the analysts don't get to see that, because the transaction isn't broadcasted. So they never see the money go to an exchange and thus can never know to contact them to obtain the user's identity.
Avatar
Иван 8mo ago

Targeted surveillance is possible even with Lightning as well; it's just that the attack vector would be different. And that's not Lightning's fault either, just like it wasn't Monero's fault in previous cases.

Reply to this note

Please Login to reply.

Discussion

Avatar
Super Testnet 8mo ago

I like that I can point out how lightning fixes a privacy attack vector and the response is "ok but it doesn't fix ALL attack vectors -- there's probably some other one it's vulnerable to."

Yeah, probably. But even if other attack vectors exist, that's no reason not to fix this one. I think monero should fix it too, and I am glad FCMP is being worked on to hopefully do that.

Avatar
Иван 8mo ago

I don't see any major issue here that urgently needs fixing — it feels more like a hassle that just requires some extra steps to get around.

Even the sun has spots. 😏

Avatar
Иван 8mo ago

Aside from being a tool for your spy games involving heroin sales and the purchase of military secrets, Monero is also just a regular means of payment, and things like this theoretically make it easier to use. You can come up with several scenarios where this "vulnerability" automates problem-solving.