> within minutes after withdrawing from a prior exchange

need I say more?


Discussion

it's kind of moot,

he's just trying to create the impression they followed the funds through a 2nd hop.

i.e. making up data that doesn't exist.

when they explicitly say they just saw Bitcoin get deposited into a swap service and then Monero arrive on the CEX.

Man I really love this guy. Single-handedly discrediting himself to all the observers he hopes to sway every time he opens his mouth. He wants to be a warrior against Monero but he's the wrong one to do it. He just doesn't have it in him.

well he's smart enough, don't you think?

and I think he could actually be a good educator.

like if he tried to present the data without the spin doctor stuff he would be a useful resource.

but his bias makes it all pretty sad attempts at fud instead.

no clue about motive, it seems to just be confirmation bias.

for example afaict he honestly wants to believe this bust is really evidence of an EAE attack.

there's just no data to support that conclusion.

They say we shouldn't ascribe motive, but at this point I've seen enough that I, personally, am convinced that it is in bad faith. There's no way he genuinely believes that giving someone an address to send to qualifies as tracing, for example.

I don't know...

a really pedantic nerd maybe...

> There's no way he genuinely believes that giving someone an address to send to qualifies as tracing

I don't believe that

But I do believe monero would be more private if you did not have to give anyone an address

Every time you have to give someone data, it's a privacy leak

You've literally told me that giving someone an address to send coins to and them knowing how much they sent there constitutes tracking.

Mimblewimble doesn't have addresses. Both parties just sign a transaction. Are you a fan of that?

> ...and them knowing how much they sent there

This seems like highly relevant additional context

Knowing where the coins go sounds very important to the concept of tracking

> MimbleWimble doesn't have addresses

Cool. I don't know much about mimblewimble yet, but that part sounds neat.

The sender knowing where they need to send coins is par for the course. You literally cannot even give me cash or gold or whatever without knowing what my face looks like or what my mailing address is. It's knowing what I do with it after that that matters.

> The sender knowing where they need to send coins is par for the course

Then change course

There's no reason to stick with the poor privacy options of the past, not now that we can do better

It used to be that you could not run a server without disclosing your ip address to your users

Then tor came out and you could run a server as a tor hidden service

It used to be that you could not run a DNM without disclosing your crypto address to your users

Then lightning came out and you can run a DNM as a lightning hidden service

Let's keep pushing and make things ever more private

> It's knowing what I do with it after that that matters

It matters that someone knows your cryptocurrency address. What if they testify in court against you that you gave them that address, and the prosecution demonstrates that its private key was found on one of your devices? Suddenly it matters. The sender should never learn anything that sensitive.

I believe it's a core information theory constraint that you cannot communicate with another entity without revealing some identifying information to them about yourself.

Maybe so, but some information is safer to reveal than others

Option A: the receiver gives the sender a one-time payment string, the sender pays it, and the receiver irrecoverably discards every trace that he ever had the payment string

Option B: the receiver gives the sender a reusable payment string, the sender pays it, and they both keep the string forever

The latter is worse for privacy because the shared piece of data ties the sender and the recipient together, it stands as an everlasting proof that they interacted. At least one of them should discard it because if it is found on them both, it is evidence that they once interacted. But there is only one way for each to be sure that at least one of them destroyed it: destroy it yourself.

This is not encouraged in monero; on the contrary, the standard contact list feature encourages the sender to keep the receiver's monero address and reuse it, and the standard recommendation for the receiver is never to delete his private keys, because someone might send him money at an old address, not knowing he deleted the keys.

What you say is undoubtedly correct. It's where a stateless system like LN shines.

But then we still have big LN nodes (banks) that route almost all payments and can collect a lot of data. So we want to get rid of the requirement of using those as well.

Well, this is all 100% true. Us Monero dudes often say "this is a known issue and we are taught never to reuse subaddresses" and while that's true, they're deterministically generated from our private key and so cannot be deleted, and it is taken for granted that we will reuse them so much that it is encoded in our UX for basically every client. Still, I would say that as a privacy shortcoming, this is the least detrimental one to have, but you're right, that doesn't mean it doesn't need a solution.

You might find this interesting: in MW, transactions are sent side channel and must be signed by both parties. This works like an ephemeral record of who is paid; all the sender has is an email address or something that they do not have to keep indefinitely, like option A above. The signatures are Schnorr signatures and so what gets written to the chain is a combined signature, and nobody but the parties to it can tell they were parties to it. And, ultimately, the only thing that is needed for consensus is the UTXO set, so once the recipient spends the output it is no longer kept as a record, in contrast to literally all other blockchain protocols. The shortcoming with it is that this deleting of old transactions cannot be forced on all nodes, so while those transactions are not needed for consensus, a node choosing to keep them anyway can probabilistically put together a graph of counterparties from them over time. This is actual tracing by third parties and so the trade-off here is not worth it privacy-wise.

Subaddresses are deterministically generated, but have a massive space of 2^96 possible subaddresses per private key (virtually endless for all practical purposes). I could be wrong but I think you could technically choose a random range where the index would start. It would basically be impossible to find your transactions for an adversary even if they somehow got ahold of your private keys. I don't know any wallet that has this option built-in and not sure how practical it would be since you would have to save that index range somewhere along with your private keys. I think wallets should provide users an accessible way to do this though if they wanted to.

MW is great. There are no addresses on the blockchain, period, not even stealth addresses. I like Grin and LTCMWEB, and Beam is doing some cool things. But you already described the problem that an active malicious node could simply save that info in the mempool to put together a transaction graph. It would only be able to see from that point forward, but it is pretty weak privacy as far as hiding transaction graphs go.

probably worth noting that this has nothing to do with Monero specifically don't you think?

why do you spin the problems of blockchains as "monero leaks"?

A blockchain problem is a monero problem

wow

it's almost like you want to create the impression these issues are unique to monero

cool cool

I don't want to create that impression

To say X is a monero problem is not to say it is *only* a monero problem

The website describes itself as a list of leaks monero has, not a list of leaks that *only* monero has

maybe you could go through and color code the items that are common to blockchain problems and specifically identify the ones that are weakness in Ring sigs and stealth addresses?

just a suggestion, I know everyone is busy

Thanks for challenging our lazy asses.

We need to do better. Adversarial thinking means constantly improving against (new) attack vectors.

Can we win you over to do stuff for Monero, e.g. tinker with how LN could look on Monero post FCMP++?

Including interoperability between BTCLN and XMRLN which would benefit our community.