Replying to Hanshan

nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s says that when law enforcement observes coins arrive in a suspect's CEX account,

that's called "they found them by tracing".

It's hard to believe anybody still takes what this person says as legitimate.

#monero

You neglected to mention that they observed "the right amount" of monero arrive in his CEX account "in the right time frame," namely, within minutes after withdrawing them from a prior exchange. That is called a timing analysis trace and it would not work if monero didn't leak data about the amount and the time of a transaction.


Discussion

No

there is no mention of "withdrawing from a prior exchange"

only that a swap was performed.

the transparency was all on the *Bitcoin side*

and simply seeing Monero arrive at a surveiled CEX account isn't "tracing monero".

also they nowhere say they apprehended him due to the exchange KYC data,

you just made that up.

There is implicit mention of withdrawing from a prior exchange

You cannot get money from exchange A to exchange B without withdrawing it from exchange A

Seeing an amount of monero leave exchange A and roughly *the same* amount arrive at exchange B within minutes, 4 different times, is a classic timing analysis trace

As for "apprehending" him, that is an interesting word choice. They did this to identify their suspect as the money handler so they could pin charges of money laundering on him. It was because of the trace that they could identify him as the perpetrator of that crime.

automatic custodial exchanges are a thing; no user-initiated withdrawal may have been necessary.

but whether user-initiated or not,

and whether there was an intermediate wallet or not, they nowhere claim to have visibility into any "withdrawal." it is not mentioned at all.

nobody contests there was timing analysis done, but seeing Bitcoin go in and Monero come out isn't "tracing monero."

there is no "monero tracing" when their only monero data point is seeing coins arrive on the CEX.

and if you don't like the word "apprehend", we'll use your word "find".

nowhere do they claim they "found" him by "tracing monero" (as they dont claim to trace monero at all).

so your statement on the case "the DoJ found the admin of Incognito Market by tracing his monero" is a straight up lie.

no tracing, no finding.

you just made all that up to deceive people i guess.

or show me where the FBI says that they first identified him from his Exchange 1 KYC information.

I accept I may have missed that,

but so far it's just you making up more data points that fit your narrative.

> automatic custodial exchanges are a thing, no user-initiated withdrawal may have been necessary

It would have been necessary whenever the amount he deposited into the second exchange differed significantly from the amount he deposited into the swap service. I grant that the first time he did it, it's plausible that he did not withdraw the money; the amount he swapped was identical to the amount he deposited at the second exchange, so perhaps he just entered the second exchange's address as the recipient for his swap.

But if that is what he did, he clearly wised up, because in the other three cases he made the amounts vary a bit: once he sent a bit extra to the second exchange, the other times he sent a bit less, indicating that he withdrew the money to a separate wallet first. So in all cases except possibly the first one, a user-initiated withdrawal *was* necessary.

> whether there was an intermediate wallet or not, they nowhere claim to have visibility into any "withdrawal."

They mention the exact XMR amounts he received via the swap. That is insight into the withdrawal that they should not have had.

> it is not mentioned at all

Here it is:

Question: how did they know exactly how much he received via the swap? It wasn't the same amount he deposited into the second exchange. So they must have gotten that info from somewhere else. I think the first exchange *told* them how much money he received via the swap. Which means they got data they shouldn't have.

> nobody contests there was timing analysis done, but seeing Bitcoin go in and Monero come out isn't "tracing monero."

Seeing bitcoin go in is clearly tracing bitcoin. Seeing monero come out is clearly tracing monero.

> there is no "monero tracing" when their only monero data point is seeing coins arrive on the CEX

That's not the only data point. They saw the amount and time of two different monero transactions: the withdrawal from exchange A and the deposit to exchange B. That's not one data point, it's two.

> and if you dont like the word "apprehend", we'll use your word "find".

nowhere do they claim they "found" him by "tracing monero" (as they dont claim to trace monero at all).

They found him to be the launderer by means of this trace. The term used is the correct one. But if I change "they found the admin of Incognito Market by tracing his monero" to "they traced the monero of the admin of Incognito Market in order to identify him as a money launderer" will that be an improvement in your eyes?
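The "timing analysis trace" both sides of this exchange are arguing about is, mechanically, a correlation of two off-chain ledgers: outgoing XMR amounts and times from one venue against incoming XMR amounts and times at another. The following is an added example, not code from anyone in this thread and not any tool the DoJ is known to have used. The records are constructed for illustration (the timestamps, amounts and `swap-*`/`dep-*` labels are hypothetical), and the two knobs, a maximum delay and a relative amount tolerance, are the parameters that decide whether the "a bit more / a bit less" transfers discussed above still get matched.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    when: datetime       # time the venue recorded the transfer
    amount_xmr: float    # XMR amount as recorded by the venue
    label: str           # hypothetical venue-side reference id


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed data: XMR the suspect received from a swap service (venue A)
# and XMR deposits to a surveilled CEX account (venue B). Not real records.
SWAP_OUTPUTS = [
    Transfer(_ts("2024-01-05T14:00:00"), 120.0, "swap-1"),
    Transfer(_ts("2024-01-12T09:30:00"), 85.5, "swap-2"),
    Transfer(_ts("2024-01-20T16:45:00"), 200.0, "swap-3"),
    Transfer(_ts("2024-02-02T11:10:00"), 64.2, "swap-4"),
    Transfer(_ts("2024-02-10T08:00:00"), 300.0, "swap-5"),  # no counterpart
]
CEX_DEPOSITS = [
    Transfer(_ts("2024-01-05T14:07:00"), 120.0, "dep-a"),  # identical amount
    Transfer(_ts("2024-01-12T09:41:00"), 86.0, "dep-b"),   # slightly more
    Transfer(_ts("2024-01-20T16:58:00"), 198.4, "dep-c"),  # slightly less
    Transfer(_ts("2024-01-20T20:00:00"), 200.0, "dep-f"),  # same amount, too late
    Transfer(_ts("2024-02-02T11:25:00"), 63.9, "dep-d"),   # slightly less
    Transfer(_ts("2024-02-10T08:20:00"), 42.0, "dep-e"),   # unrelated amount
]


@dataclass(frozen=True)
class Match:
    withdrawal: Transfer
    deposit: Transfer
    delay: timedelta
    rel_diff: float      # |deposit - withdrawal| / withdrawal


def correlate(withdrawals, deposits,
              max_delay=timedelta(minutes=30),
              amount_tol=0.02):
    """Pair each withdrawal with the earliest deposit that arrives within
    max_delay and whose amount is within amount_tol (relative). Each deposit
    is consumed at most once, so one deposit cannot explain two withdrawals."""
    used = set()
    matches = []
    for w in sorted(withdrawals, key=lambda t: t.when):
        best = None
        for d in deposits:
            if d.label in used:
                continue
            delay = d.when - w.when
            if delay < timedelta(0) or delay > max_delay:
                continue
            rel = abs(d.amount_xmr - w.amount_xmr) / w.amount_xmr
            if rel > amount_tol:
                continue
            if best is None or delay < best.delay:
                best = Match(w, d, delay, rel)
        if best is not None:
            used.add(best.deposit.label)
            matches.append(best)
    return matches


def unmatched_withdrawals(withdrawals, matches):
    """Withdrawals the correlation could not explain with any deposit."""
    matched = {m.withdrawal.label for m in matches}
    return [w for w in withdrawals if w.label not in matched]


if __name__ == "__main__":
    found = correlate(SWAP_OUTPUTS, CEX_DEPOSITS)
    for m in found:
        print(f"{m.withdrawal.label} -> {m.deposit.label}: "
              f"+{int(m.delay.total_seconds() // 60)} min, "
              f"amount diff {m.rel_diff:.2%}")
    for w in unmatched_withdrawals(SWAP_OUTPUTS, found):
        print(f"{w.label}: no matching deposit")
```

On the constructed data the default settings link four of the five swap outputs to a CEX deposit and leave `swap-5` unexplained; with `amount_tol=0.0` (exact amounts only) only the first, identical-amount transfer is linked. Note that every input here is a venue-side record; nothing in this correlation reads a Monero transaction from the chain, which is exactly the point of contention above.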

to be clear

you're saying that LE supposedly getting his tx data from the swap service,

which is not part of the evidence but implied for the reasons you gave,

then comparing that to tx data from his exchange account and seeing these close matches constitutes "tracing monero?"

I do claim that, except I disagree with the part that says implications are "not part of the evidence"

well they dont say they got any information from the swap

so that's not part of the evidence; it's your guesswork, and worth noting.

but I agree its a reasonable guess.

Replace Monero with Lightning in this scenario. How would this have changed anything? It wouldn't have. The problem is obviously with the chokepoints, which are the exchange and swap services, where they can see this extra data that isn't revealed on the network itself.

Unless you would define that as "tracing" Lightning too; if so, fair enough, but I'm not sure I would agree this was tracing Lightning itself.

I agree that if the admin had done the exact same action with lightning the timing analysis would have worked against lightning too

You may not want to call that tracing but I think it is the accurate term

> within minutes after withdrawing from a prior exchange

need I say more?

it's kind of moot,

he's just trying to create the impression they followed the funds through a 2nd hop.

ie making up data that doesn't exist.

when they explicitly say they just saw Bitcoin get deposited into a swap service and then Monero arrive on the CEX.

Man I really love this guy. Single-handedly discrediting himself to all the observers he hopes to sway every time he opens his mouth. He wants to be a warrior against Monero but he's the wrong one to do it. He just doesn't have it in him.

well he's smart enough, don't you think?

and I think he could actually be a good educator.

like if he tried to present the data without the spin doctor stuff he would be a useful resource.

but his bias makes it all pretty sad attempts at FUD instead.

no clue about motive, it seems to just be confirmation bias.

for example afaict he honestly wants to believe this bust is really evidence of an EAE attack.

there's just no data to support that conclusion.

They say we shouldn't ascribe motive, but at this point I've seen enough that I, personally, am convinced that it is in bad faith. There's no way he genuinely believes that giving someone an address to send to qualifies as tracing, for example.

i dont know...

a really pedantic nerd maybe...

> There's no way he genuinely believes that giving someone an address to send to qualifies as tracing

I don't believe that

But I do believe monero would be more private if you did not have to give anyone an address

Every time you have to give someone data, it's a privacy leak

You've literally told me that giving someone an address to send coins to and them knowing how much they sent there constitutes tracking.

Mimblewimble doesn't have addresses. Both parties just sign a transaction. Are you a fan of that?

> ...and them knowing how much they sent there

This seems like highly relevant additional context

Knowing where the coins go sounds very important to the concept of tracking

> MimbleWimble doesn't have addresses

Cool. I don't know much about mimblewimble yet, but that part sounds neat.

The sender knowing where they need to send coins is par for the course. You literally cannot even give me cash or gold or whatever without knowing what my face looks like or what my mailing address is. It's knowing what I do with it after that that matters.

> The sender knowing where they need to send coins is par for the course

Then change course

There's no reason to stick with the poor privacy options of the past, not now that we can do better

It used to be that you could not run a server without disclosing your ip address to your users

Then tor came out and you could run a server as a tor hidden service

It used to be that you could not run a DNM without disclosing your crypto address to your users

Then lightning came out and you can run a DNM as a lightning hidden service

Let's keep pushing and make things ever more private

> It's knowing what I do with it after that that matters

It matters that someone knows your cryptocurrency address. What if they testify in court against you that you gave them that address, and the prosecution demonstrates that its private key was found on one of your devices? Suddenly it matters. The sender should never learn anything that sensitive.

I believe its a core information theory constraint that you cannot communicate with another entity without revealing some identifying information to them about yourself.

Maybe so, but some information is safer to reveal than others

Option A: the receiver gives the sender a one-time payment string, the sender pays it, and the receiver irrecoverably discards every trace that he ever had the payment string

Option B: the receiver gives the sender a reusable payment string, the sender pays it, and they both keep the string forever

The latter is worse for privacy because the shared piece of data ties the sender and the recipient together, it stands as an everlasting proof that they interacted. At least one of them should discard it because if it is found on them both, it is evidence that they once interacted. But there is only one way for each to be sure that at least one of them destroyed it: destroy it yourself.

This is not encouraged in monero; on the contrary, the standard contact list feature encourages the sender to keep the receiver's monero address and reuse it, and the standard recommendation for the receiver is never to delete his private keys, because someone might send him money at an old address, not knowing he deleted the keys.

What you say is undoubtedly correct. It's where a stateless system like LN shines.

But then we still have big LN nodes (banks) that route almost all payments and can collect a lot of data. So we want to get rid of the requirement of using those as well.

Well, this is all 100% true. Us Monero dudes often say "this is a known issue and we are taught never to reuse subaddresses" and while that's true, they're deterministically generated from our private key and so cannot be deleted, and it is taken for granted that we will reuse them so much that it is encoded in our UX for basically every client. Still, I would say that as a privacy shortcoming, this is the least detrimental one to have, but you're right, that doesn't mean it doesn't need a solution.

You might find this interesting, in MW, transactions are sent side channel and must be signed by both parties. This works like an ephemeral record of who is paid, all the sender has is an email address or something that they do not have to keep indefinitely, like option A above. The signatures are schnorr signatures and so what gets written to the chain is a combined signature that nobody but the parties to it can tell they were parties to it. And, ultimately the only thing that is needed for consensus is the UTXO set, so once the recipient spends the output it is no longer kept as a record, in contrast to literally all other blockchain protocols. The shortcoming with it is that this deleting of old transactions cannot be forced on all nodes, so while those transactions are not needed for consensus, a node choosing to keep them anyway can probabilistically put together a graph of counterparties from them over time. This is actual tracing by third parties and so the trade off here is not worth it privacy wise.

Subaddresses are deterministically generated, but have a massive space of 2^96 possible subaddresses per private key (virtually endless for all practical purposes). I could be wrong but I think you could technically choose a random range where the index would start. It would basically be impossible to find your transactions for an adversary even if they somehow got ahold of your private keys. I don't know any wallet that has this option built-in and not sure how practical it would be since you would have to save that index range somewhere along with your private keys. I think wallets should provide users an accessible way to do this though if they wanted to.

MW is great. There are no addresses on the blockchain, period, not even stealth addresses. I like Grin and LTCMWEB, and Beam is doing some cool things. But you already described the problem that an active malicious node could simply save that info in the mempool to put together a transaction graph. It would only be able to see from that point forward, but it is pretty weak privacy as far as hiding transaction graphs go.

probably worth noting that this has nothing to do with Monero specifically don't you think?

why do you spin the problems of blockchains as "monero leaks"?

A blockchain problem is a monero problem

wow

its almost like you want to create the impression these issues are unique to monero

cool cool

I don't want to create that impression

To say X is a monero problem is not to say it is *only* a monero problem

The website describes itself as a list of leaks monero has, not a list of leaks that *only* monero has

maybe you could go through and color code the items that are common to blockchain problems and specifically identify the ones that are weakness in Ring sigs and stealth addresses?

just a suggestion, I know everyone is busy

Thanks for challenging our lazy asses.

We need to do better. Adversarial thinking means constantly improving against (new) attack vectors.

Can we win you over to do stuff for Monero, e.g. tinker with how LN could look on Monero post FCMP++?

Including interoperability between BTCLN and XMRLN which would benefit our community.

Isn't the obvious leak here that the exchanges are cooperating with authorities and telling them the time, amount and user details of every monero deposit/withdrawal?

If the sender or receiver of a transaction shares details of the transaction with others, that is not a failure of the protocol.

No, it's not a failure of the protocol. But with that much centralised data flying around you want the protocol and the environment around it to also protect against this as well as possible.

Not using any centralised banks is a good start, which is also true for all the big LN nodes that are all large banks.

it's not possible for every current and future monero user to cease using monero and take up a convoluted lightning setup. there's not enough room on L1 for them to all perform the necessary channel maintenance steps. there would have to be a blocksize increase, because lightning doesn't scale users. everything that was done to get around this problem results in total loss of sovereignty as well as increasing levels of information leakage.

this is just one of the many reasons why the mass conversion scenario envisioned by super testnet is not actually possible with lightning.

let's start with every current user, it's possible for them to do it

and if they do then perhaps the number of future monero users will be 0