
Discussion

Identifying the destination is tracing regardless of who does it

Lol surely you're well aware of how full of shit you're being. I can't imagine you actually buy this nonsense, maybe I'm giving you too much credit.

When I give you money, of course I know I'm giving you money. How else is it supposed to work? And that's the same thing as the cops tracing the money and then somehow doing it again when it gets subsequently spent? You know that you're working against your own goals with these arguments right?

> of course I know I'm giving you money. How else is it supposed to work?

It is supposed to work like in lightning, where the sender doesn't know what node receives the money or what channel receives the money or what pubkey receives the money. That way, if the cops ask you where you sent the money to, you have as little useful information as possible. Monero gives the sender useful information, specifically, the recipient’s real, unfavorable pubkey.

no.

the node pubkey is part of a bolt11 invoice.

this line is both a strawman and a red herring.

> the node pubkey is part of a bolt11 invoice

The pubkey in a bolt11 invoice simply signs the invoice, it does not control any money

You can put a dummy pubkey in there and the sender has no way to detect that you did so

If he shows it to authorities, they can end up on a wild goose chase watching for a pubkey that doesn't even exist anymore to do something it will never do

it's understandable you will take any opportunity to change the subject 👍

It seems to me that when the subject is "what pubkey receives the money" it is entirely relevant to discuss whether the pubkey in a bolt11 invoice receives any money

No, Monero has subaddresses for that very reason. There are no nodes that route payments, only nodes that broadcast obfuscated transactions, so that's immaterial. The only thing you have is a one time payment address that can't be used to derive the public key of the user. It is literally as little useful information as possible. It's a completely random number that connects to nobody unless you have the recipient's private keys.

Subaddresses are cool but they have two unfortunate characteristics: (1) the sender derives a real pubkey from the subaddress and sends money to it; (2) if the recipient spends that money, their pubkey shows up again as a member of a ring signature

Chain analysts use that fact to trace monero payments. They have ways to eliminate decoys from the ring signature and, in many cases, identify the real spender, and this privacy flaw has led to several arrests. Lightning fixes it.
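The derivation the two posts above are arguing about, as an added example that is not code from anyone in this thread and not Monero's own implementation: the recipient builds a subaddress (D, C) from a private view key a and spend key b, the sender derives a fresh one-time output key P from it, only the holder of a can recognise P as theirs (and only the holder of b can spend it), and a second payment to the same subaddress yields an unrelated P. It is a simplified toy: SHA-256 stands in for Keccak-256, the cofactor step is omitted, the "SubAddr" domain string and the index encodings are assumptions, and the ed25519 arithmetic is slow affine math written out for readability.

```python
# Added illustration of Monero-style subaddresses and one-time output keys.
# Simplified: SHA-256 instead of Keccak-256, no cofactor step, assumed
# domain-separation string and index encoding, slow affine ed25519 math.
import hashlib
import secrets

p = 2**255 - 19                                      # ed25519 field prime
l = 2**252 + 27742317777372353535851937790883648493  # order of the base point
d = (-121665 * pow(121666, p - 2, p)) % p            # twisted Edwards constant


def _recover_even_x(y):
    """Return the even x with -x^2 + y^2 = 1 + d*x^2*y^2 (RFC 8032 decoding)."""
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p      # multiply by sqrt(-1)
    return p - x if x % 2 else x


G_y = 4 * pow(5, p - 2, p) % p                       # base point has y = 4/5
G = (_recover_even_x(G_y), G_y)
IDENTITY = (0, 1)


def add(P, Q):
    """Complete twisted Edwards addition (a = -1); also doubles when P == Q."""
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, p - 2, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, p - 2, p) % p
    return (x3, y3)


def mul(k, P):
    """Double-and-add scalar multiplication."""
    R = IDENTITY
    k %= l
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def neg(P):
    return ((-P[0]) % p, P[1])


def encode(P):
    return P[0].to_bytes(32, "little") + P[1].to_bytes(32, "little")


def hash_to_scalar(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "little") % l


def new_wallet():
    """Private view key a and private spend key b (constructed at random)."""
    return secrets.randbelow(l - 1) + 1, secrets.randbelow(l - 1) + 1


def subaddress(a, b, i, j):
    """Subaddress (i, j): D = B + m*G with m = Hs(a, i, j); C = a*D.
    The "SubAddr" tag and 4-byte indices are assumptions of this toy."""
    m = hash_to_scalar(b"SubAddr", a.to_bytes(32, "little"),
                       i.to_bytes(4, "little"), j.to_bytes(4, "little"))
    D = add(mul(b, G), mul(m, G))
    C = mul(a, D)
    return D, C, m


def send_to_subaddress(D, C, idx=0):
    """Sender side: fresh r, tx pubkey R = r*D, one-time key P = Hs(r*C, idx)*G + D.
    The sender knows D (the subaddress spend key) and the P it derived from it."""
    r = secrets.randbelow(l - 1) + 1
    R = mul(r, D)
    P = add(mul(hash_to_scalar(encode(mul(r, C)), bytes([idx])), G), D)
    return R, P


def scan_output(a, subaddr_table, R, P, idx=0):
    """Recipient side: a*R = r*C, so P - Hs(a*R, idx)*G must be one of our D values.
    Anyone without a sees only (R, P) and cannot recover D this way."""
    Hs = hash_to_scalar(encode(mul(a, R)), bytes([idx]))
    candidate = add(P, neg(mul(Hs, G)))
    return subaddr_table.get(encode(candidate))  # (D, m) if ours, else None


def one_time_secret(a, b, m, R, idx=0):
    """Private key x for P: x = Hs(a*R, idx) + b + m, so x*G = P."""
    return (hash_to_scalar(encode(mul(a, R)), bytes([idx])) + b + m) % l
```

Running this end to end shows the two sides of the argument side by side: `send_to_subaddress` hands the sender a P tied to a D they were given, while a wallet with a different view key gets `None` from `scan_output` for the same (R, P), and a repeat payment to the same subaddress produces a different P.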

FCMP++ fixes it too. You gonna be a Monero bro after that upgrade?

It is known that ring sigs aren't foolproof. This is why the ring size has been raised every time we get an improvement that affords more space in transactions. This is why we are excited to move to a whole network anonymity set. That's not what you've been talking about this whole time though, you've been saying that because you know who you're paying and how much, something that will always be the case for payments, that that means traceable.

I like FCMP and it sounds like it does fix most of my monero criticisms

But it fixes them by achieving what we already have in lightning (a blob of indecipherable sender data that anyone could have produced), and it achieves it in a way that unnecessarily bloats the chain with big blobs that everyone has to store forever

Just use lightning, that's my recommendation

Re: the sender tracing his payment to the recipient in a post FCMP world, yes, even in that world (if it ever arrives) the sender will be able to identify the recipient's pubkey, which is tracing -- it's the first step. I think it's a lot less useful in a post FCMP world because every future tx will reference that pubkey as a possible spender, along with every other pubkey, and I suspect it will be infeasible to eliminate enough decoys in that world. Exciting stuff!

I don't think it's unnecessary bloat, but yes, having to store everything forever is a big problem, for bitcoin as well as Monero. We have solutions to this, light nodes and the like, but they're really just stopgaps. The real solution is a scheme that doesn't require spent outputs to be stored forever by anyone, like mimblewimble. This solves all kinds of other problems too, block size whatever and all that. Lightning and stateless L2 offchain stuff are *not* solutions to this problem as they cause other even worse problems, particularly in bitcoin. You can browse my public bookmarks if you want to understand what I'm talking about, I've written extensively about this.

It is not tracing lol. I pay you, I know I paid you, that's not tracing. It's tracing if I can tell where you spend it next, or if someone else can tell I paid you.

It's all about trade offs. Only the users have access to their specific needs. Monero bros are rarely against BTC. Since many of us have been earliest Bitcoiners we figured that we have a need for it in today's world. This may change in the future, become more or less.

I like Bitcoin, LN, Monero, ecash all for different reasons and I hope we come up with even better solutions in the future.