I mean... he has shown pretty compelling proof
Discussion
and even *he admitted it was a result of timing analysis and NOT becasue they had compromised monero.
Monero's weaknesses are why it is compromised:
- timing attacks
- merge analysis
- recency bias
- unencrypted recipients
- unencrypted senders
- amounts only partially encrypted
- all transactions permanent & public
- senders know where they sent their money to
LN is just so much better
Timing attacks:
are trivial *on LN* with over 90% of the network being custodial. And also mitm attacks extremely possible.
Timing attacks are a possibility everywhere and depends on the surveillance conditions. It's a lie to say that on LN you don't have to worry about it.
Merge analysis :
Sure this can be a thing when you have a blockchain. As you're aware, fcmp fixes this.
But it's a complete lie to suggest that it's possible to establish what txos belong to who. This is a heuristic which *could* suggest probabilistic correlation.
Recency bias:
I'm assuming you mean the decoy selection algorithms. again a *possible heuristic*. one that absolutely nobody could establish the weight of. Again fcmp fixes this.
Talking about unencrypted senders and recipients is just completely disingenuous.
Here's fluffys scorching ridicule on X
https://xcancel.com/fluffypony/status/1824433941459157115
Amounts only partially encrypted is just a straight up lie. I think you mean to say that "the fee is visible by design"
Transactions permanent and public:
Blockchain 👍
Its is a lie to suggest that it is public, since addresses, recipients and amounts cannot be read by third parties.
Equally disingenuous to claim that senders know who the receiver is.
The address the sender uses never appears on chain and the stealth address will never appear again.
conjoin 😂
Would love to hear you discuss with nostr:npub12qz56plzehejkyp4waaannmnny4y4c30j8q55a3wlk49haslga2snypdx8 on good pod
I still think the mining algo will compromised again one day.
Fool me once...
Yes
to me the most compelling evidence he showed was the video where the person at chainalysis explained how they can trace monero transactions. the same thing cannot be done with lightning (especially bolt12) because there's no single source of truth
1) show me where he actually linked that video. he didn't (and wont) because ot plays like a monero commercial.
2) here is that video. actually watch it and you'll see that they CANNOT "trace monero transactions." unless someone has connections to their malicious node without a proxy they aren't getting significant data about a sender.
https://v.nostr.build/D4Nzp22vRF35IRnz.mp4
3) you have no idea, as an end user , what privacy protections you are getting in any given LN tx. bolt12 is awesome and I look forward to to actually being functional tech. Until it is implemented and battle tested, it is NOT a privacy solution.
I linked to the video here: nostr:nevent1qgszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagqyz8k23pc2ya8gjx5xdfludr2sj4mrs3lfqlwskc34n7w2whce757kngz4v8
It's not a monero commercial, it's a nail in monero's coffin
Now do how many people have gotten busted for using bitcoin.
Que the song 
I don't think that video is the flex that you think it is. Granted this is well outside of my wheelhouse, but even the guy in the video admits multiple times that he's not really finding that much information. He also admits that this was from before. Whatever new XMR implementation dandelion is. I would assume that would make it even more difficult. That guy did not do a very good job of selling its ability to track XMR
I'm just trying to learn but that video is kind of a good commercial for XMR and is far from a nail in the coffin
After I've read these articles I think there is no general algorythm an/or toolset to analyze all possible Momero transactions. These cases spotted that there were some additional a-priori imformation about the suspects, therefore the law enforcement firms analyzed specifically the suspicious transactions.
> you have no idea, as an end user , what privacy protections you are getting in any given LN tx
Still looking for an LN tx? All day I've been asking monero users to show me an LN transaction and identify the sender, recipient, and amount. So far they haven't even found a *transaction to analyze.* Care to step up?
explain to me how
as an end user,
i should assess the privacy of ANY given LN tx.
I'll wait.
this
"if some rando on the Internet can't trace a random tx, it must be private"
game doesnt prove jack shit.
there IS **NO** lightning network TX. It does not exist.
you **can** cryptographically verify that intermediate nodes can't determine the recipient's identity, but there is NO public ledger of all the transactions.
there's no obscurity or hope, I recommend you to actually read about how lightning works, because you seem to have many misunderstandings
sigh
heres the standard info bro
yes I am aware it isnt a blockchain.
as an end user, i am making a transaction.
If I cannot evaluate my anonset before sending, It is not a good privacy tool.
https://www.voltage.cloud/blog/lightning-network-privacy-explainer
there is no anonset the way that it's there in monero.
when you generate a lightning invoice you have:
- a pubkey that says where your money needs to end up
- a signature proving the invoice is legit and hasn't been messed with
- a payment hash that works like your digital receipt
that's really all you need! the magic happens in how it works: each node in the path only sees one hop before and after itself.
This was helpful. Thanks.
and you aren't responding to a
ANY of the concerns in the site I linked.
theres a new one of these every few months.
Because this is a network that is effectively still in beta testing.
Quit trying to push it as a finished tested product
First of all, he DID link the video, and second, I believe that you have a bit of a misunderstanding about how Lightning Network works. There truly is no such thing as a "Lightning transaction" in the traditional sense. On the Lightning Network, the only transactions that exist on the timechain are those to open and close channels. With bolt11, an invoice consists of a routing path (similar to TOR's onion, but technically slightly different), and payment information that is passed through that path. The actual "sending" of bitcoin happens through updating channel states between participants, which are essentially just promises backed by on-chain bitcoin in the channel. When you use bolt11 on Lightning Network, each hop in the routing path only knows its immediate predecessor and successor - they have no idea about the payment's origin or final destination, unless an attacker controlled all the nodes between you and the recipient of a payment they would have no way of knowing who you are sending money to, even if they were to track each payment at the packet level it would be extremely hard to figure out who the final payment goes to.
Also, with bolt12 route blinding lets the recipient hide their node identity from the sender, this means neither party needs to fully trust the other or reveal their network position.
Then you should actually WATCH the video.
Yes I am aware that the lightning network is not a blockchain
and that bolt 12 is supposed to fix all of our problems
and also that it isn't implemented yet
As I said
once these solutions are implemented
and tested
and have been around for a little while,
THEN you can start saying that it's a privacy tool.
Until that you're just posing.
I'm done arguing, need to get some sleep
I recommend you to take a look at:
- the bolt11 specification https://github.com/lightning/bolts/blob/master/11-payment-encoding.md
- bolt01 https://github.com/lightning/bolts/blob/master/01-messaging.md
- bolt04 https://github.com/lightning/bolts/blob/master/04-onion-routing.md
- bolt07 https://github.com/lightning/bolts/blob/master/07-routing-gossip.md
- bolt08 https://github.com/lightning/bolts/blob/master/08-transport.md
- https://www.bolt11.org/ paste in an invoice and look at how it works
bolt12 is only an **additional** privacy layer to what's already provided by the specification I linked you
hey if monero works for you keep using monero, nobody's stopping you, you're a sovereign individual like all of us 😉
Okay so with bolt12, this is going to sound really dumb and I'm clearly trying to figure this out.
Starting address and amount ->hops to node still same transaction nothing is hidden-> next node same transaction two nodes now hiding start point -> next node separation from start point but still same corn so where is obfuscation?
I don't understand this and need someone to explain it like I'm 10. To me even though the node hops and the start point maybe hidden the BTC is still able to be traced back to the original address that started the transaction right? Wouldn't the only way to really hide that be to have it drop in a pool of some sort then piece together totals from the pool mixing with multiple other piles of corn? Like the way whirlpool worked? I just don't get how it works, clearly, unless the start and end aren't important because you're just breaking the node to node until you flip on/off chain then save?
Does that make sense? Sorry I've been pretty sick and I feel like that was a flight of ideas lol
>I don't understand this and need someone to explain it like I'm 10
I will explain it to you like you're an adult: it's similar to how onion messaging works. You send an encrypted message to party K, who finds inside an encrypted message for party L. He sends it to party M, who finds an encrypted message inside for party N. And so on. No party knows who the sender is except the sender themselves.
>Starting address and amount ->hops to node still same transaction nothing is hidden
Lots of stuff is hidden: the routing node does not know who the sender or recipient is, nor if the amount is the full amount, a partial amount, or a decoy (aka a payment probe).
-> next node same transaction two nodes now hiding start point
It's not just that "two nodes" are hiding the starting point; the first routing node does not know if the previous person is the sender or just another routing node. So from his perspective there might be *any number* of nodes hiding the starting point. What hides the starting point is that you can't tell a starting point from another routing node.
> To me even though the node hops and the start point maybe hidden the BTC is still able to be traced back to the original address that started the transaction right?
No. Just like with onion messaging, routing nodes can ask one another if they routed the payment, and maybe some will collude and reply "yes, I helped route the payment." But even if all routing nodes collude, they can only ask the sender "Did you help route the payment?" and if he does not reply, they don't know if he was the sender or just a routing node who refuses to collude.
The video is great, every Monero user should watch it. And you are right, does not show that they can trace it.
And BTW, bolt12 has been already implemented.
not by the most wisely used LN implementation it hasn't
I have literally just used bolt12 in one of the most used lightning wallets.
To be fair it is more flakey than bolt11 right now because it's still not used by every node, but yeah didn't even feel the need to rebutt that, you're absolutely correct
oh come on
it isnt even *implemented by LND yet
It works with lnd when you run it with https://github.com/lndk-org/lndk
How private was it?
bolt12 is optional in some wallets and is barely used
But that doesn't even matter because due to it's complexity most Lightning users are on custodial wallets so have no privacy from the custodian, hackers that will inevitably breach that data, and governments that compel those custodians to save that info and give it to them
Even using a malicious node doesn't reveal receivers or amounts. And if you use Tor or a VPN they don't know your IP address. This leaves them with undeterminstic guessing of the sender which has been an admitted weakness of ring signatures and known thing for many years in the Monero community (it's why Monero is upgrading to FCMP later this year)
Why all this theorycrafting with best case scenario about Lightning privacy?
Most user don't use Lightning that way and bolt12 is optional and barely used. They're all on WoS, Strike, Chivo, Primal, etc
Monero provides much stronger privacy by default for the average user
Did you read any of the articles or think about what you read? What compelled you?