Discussion

Context:

Finnish feds trace xmr: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack

Japanese feds too: https://cointelegraph.com/news/monero-transactions-japanese-authorities-arrest-18-scammers

Ciphertrace explains how they trace monero: https://v.nostr.build/D4Nzp22vRF35IRnz.mp4

Popular monero wallets accidentally doxing users & their monero txs to chainalysis: https://digilol.net/blog/chainanalysis

this is hilarious, makes me like lightning even more than I did before

That's why education is a key. Good luck

Bro this whole thing is out of my depth lol. I need someone to explain to me how bolt12 actually obfuscates the addresses. Does it take fragments from multiple areas and replace them? If Tom throws $50 in $1 into a bucket of cash and pulls out a $20 and 3 $10s everything was mixed together and then it's broken up. Is this how this works lol

It works like onion messages. Before bolt12, by default, you send someone money by creating a path to their node: Alice pays Bob to pay Carol to pay Dave to pay Edna to pay Filbert. Filbert's invoice tells Alice how to construct a path to his node, and consequently Alice can find Filbert's node on the network, and construct a path to him.

With bolt12, the default way to send money is by creating a path to a "rendezvous" node: Alice pays Bob to pay Carol to pay Dave...but she doesn't know anything beyond that. Filbert's node is talking to Dave waiting for him to say "I've got a message for you, but I don't know who it's from." (But it's from Alice.) Filbert's node then decrypts/reads the message and tells Dave "you should have a payment from someone that is meant to come to me. Let's finish the route." And then they finish the route together (Dave -> Edna -> Filbert) and settle the payment.

By this method, Alice never learns where Filbert's node is on the network and does not know where she sent the money. Also, lightning payments are atomic, so this is all done without ever letting any routing node (Bob, Carol, Dave, or Edna) ever have custody of the funds. Each routing node can either forward the payment or cancel the payment, but not keep the payment for themselves.

Okay cool thank you

Cool thank you

This video is also far from damning against XMR. They try to flex talking about how it was before XMR implemented another privacy feature but then their tool still couldn't really provide any good information and the guy who was doing the video admits that repeatedly

Thanks for sharing this. I like the back and forth with the BTC and XMR people. My thick skulled smooth brained self is slowly learning from both. Tech is not my forte and so it's a steady struggle

It's always good to make up your mind on these things.

Agreed. I still see a place for both as of now, but won't be surprised if BTC absorbs XMR privacy by default into it somehow

FYI despite the clickbait headlines, the way they were traced and caught in those articles had nothing to do with Monero. The chain analysis video is also unrelated and if you actually watch it it's more of an advertisement for Monero's strong privacy if anything. Even the agent is marveled.

Yeah when I was reading through the articles it didn't really show anything against xmr. Seemed more user error and in Japan they didn't address how so my guess is someone rolled on the others.

The video did nothing to detract from XMR at all and I thought that was kind of funny.

I still see use cases for both and the privacy by default with XMR is nice. I can see a future where BTC becomes private by default. Not sure why the two realms, both champion liberty and self sovereignty don't work together instead of the steady pissing match

So, where's the proof of work? This looks like claims and people having poor opsec.

Why leave out how they were "traced" and caught? Had nothing to do with Monero

cool story bro

quit lying that monero tech has been broken 👍

we've already determined you're out of your depth ❤️

Kanzan and his friends right now:

You lie on the Internet for clout and should be ashamed of yourself.

You cry on the internet and shout and should be ashamed of yourself

I mean... he has shown pretty compelling proof

and even *he* admitted it was a result of timing analysis and NOT because they had compromised monero.

Monero's weaknesses are why it is compromised:

- timing attacks

- merge analysis

- recency bias

- unencrypted recipients

- unencrypted senders

- amounts only partially encrypted

- all transactions permanent & public

- senders know where they sent their money to

LN is just so much better

Timing attacks:

are trivial *on LN* with over 90% of the network being custodial. And also mitm attacks extremely possible.

Timing attacks are a possibility everywhere and depend on the surveillance conditions. It's a lie to say that on LN you don't have to worry about it.

Merge analysis :

Sure this can be a thing when you have a blockchain. As you're aware, fcmp fixes this.

But it's a complete lie to suggest that it's possible to establish what txos belong to who. This is a heuristic which *could* suggest probabilistic correlation.

Recency bias:

I'm assuming you mean the decoy selection algorithms. again a *possible heuristic*. one that absolutely nobody could establish the weight of. Again fcmp fixes this.

Talking about unencrypted senders and recipients is just completely disingenuous.

Here's fluffy's scorching ridicule on X

https://xcancel.com/fluffypony/status/1824433941459157115

Amounts only partially encrypted is just a straight up lie. I think you mean to say that "the fee is visible by design"

Transactions permanent and public:

Blockchain 👍

It is a lie to suggest that it is public, since addresses, recipients and amounts cannot be read by third parties.

Equally disingenuous to claim that senders know who the receiver is.

The address the sender uses never appears on chain and the stealth address will never appear again.

conjoin 😂

I still think the mining algo will be compromised again one day.

Fool me once...

Yes

You don't need to compromise when a simple timing analysis does the job 🤷🏼‍♂️

Privacy gone, bye bye -- but at least it wasn't 'compromised' 🤡

to me the most compelling evidence he showed was the video where the person at chainalysis explained how they can trace monero transactions. the same thing cannot be done with lightning (especially bolt12) because there's no single source of truth

1) show me where he actually linked that video. he didn't (and won't) because it plays like a monero commercial.

2) here is that video. actually watch it and you'll see that they CANNOT "trace monero transactions." unless someone has connections to their malicious node without a proxy they aren't getting significant data about a sender.

https://v.nostr.build/D4Nzp22vRF35IRnz.mp4

3) you have no idea, as an end user, what privacy protections you are getting in any given LN tx. bolt12 is awesome and I look forward to it actually being functional tech. Until it is implemented and battle tested, it is NOT a privacy solution.

I linked to the video here: nostr:nevent1qgszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagqyz8k23pc2ya8gjx5xdfludr2sj4mrs3lfqlwskc34n7w2whce757kngz4v8

It's not a monero commercial, it's a nail in monero's coffin

Now do how many people have gotten busted for using bitcoin.

Cue the song

I don't think that video is the flex that you think it is. Granted this is well outside of my wheelhouse, but even the guy in the video admits multiple times that he's not really finding that much information. He also admits that this was from before whatever new XMR implementation dandelion is. I would assume that would make it even more difficult. That guy did not do a very good job of selling its ability to track XMR

I'm just trying to learn but that video is kind of a good commercial for XMR and is far from a nail in the coffin

After I've read these articles I think there is no general algorithm and/or toolset to analyze all possible Monero transactions. These cases spotted that there were some additional a-priori information about the suspects, therefore the law enforcement firms analyzed specifically the suspicious transactions.

> you have no idea, as an end user , what privacy protections you are getting in any given LN tx

Still looking for an LN tx? All day I've been asking monero users to show me an LN transaction and identify the sender, recipient, and amount. So far they haven't even found a *transaction to analyze.* Care to step up?

explain to me how

as an end user,

i should assess the privacy of ANY given LN tx.

I'll wait.

this

"if some rando on the Internet can't trace a random tx, it must be private"

game doesn't prove jack shit.

there IS **NO** lightning network TX. It does not exist.

you **can** cryptographically verify that intermediate nodes can't determine the recipient's identity, but there is NO public ledger of all the transactions.

there's no obscurity or hope, I recommend you to actually read about how lightning works, because you seem to have many misunderstandings

sigh

here's the standard info bro

yes I am aware it isn't a blockchain.

as an end user, i am making a transaction.

If I cannot evaluate my anonset before sending, It is not a good privacy tool.

https://www.voltage.cloud/blog/lightning-network-privacy-explainer

there is no anonset the way that it's there in monero.

when you generate a lightning invoice you have:

- a pubkey that says where your money needs to end up

- a signature proving the invoice is legit and hasn't been messed with

- a payment hash that works like your digital receipt

that's really all you need! the magic happens in how it works: each node in the path only sees one hop before and after itself.

This was helpful. Thanks.

and you aren't responding to ANY of the concerns in the site I linked.

there's a new one of these every few months.

Because this is a network that is effectively still in beta testing.

Quit trying to push it as a finished tested product

https://eprint.iacr.org/2021/384.pdf

First of all, he DID link the video, and second, I believe that you have a bit of a misunderstanding about how Lightning Network works. There truly is no such thing as a "Lightning transaction" in the traditional sense. On the Lightning Network, the only transactions that exist on the timechain are those to open and close channels. With bolt11, an invoice consists of a routing path (similar to TOR's onion, but technically slightly different), and payment information that is passed through that path. The actual "sending" of bitcoin happens through updating channel states between participants, which are essentially just promises backed by on-chain bitcoin in the channel. When you use bolt11 on Lightning Network, each hop in the routing path only knows its immediate predecessor and successor - they have no idea about the payment's origin or final destination. Unless an attacker controlled all the nodes between you and the recipient of a payment, they would have no way of knowing who you are sending money to; even if they were to track each payment at the packet level, it would be extremely hard to figure out who the final payment goes to.

Also, with bolt12, route blinding lets the recipient hide their node identity from the sender; this means neither party needs to fully trust the other or reveal their network position.

Then you should actually WATCH the video.

Yes I am aware that the lightning network is not a blockchain

and that bolt 12 is supposed to fix all of our problems

and also that it isn't implemented yet

As I said

once these solutions are implemented

and tested

and have been around for a little while,

THEN you can start saying that it's a privacy tool.

Until that you're just posing.

I'm done arguing, need to get some sleep

I recommend you to take a look at:

- the bolt11 specification https://github.com/lightning/bolts/blob/master/11-payment-encoding.md

- bolt01 https://github.com/lightning/bolts/blob/master/01-messaging.md

- bolt04 https://github.com/lightning/bolts/blob/master/04-onion-routing.md

- bolt07 https://github.com/lightning/bolts/blob/master/07-routing-gossip.md

- bolt08 https://github.com/lightning/bolts/blob/master/08-transport.md

- https://www.bolt11.org/ paste in an invoice and look at how it works

bolt12 is only an **additional** privacy layer to what's already provided by the specification I linked you

hey if monero works for you keep using monero, nobody's stopping you, you're a sovereign individual like all of us 😉

Okay so with bolt12, this is going to sound really dumb and I'm clearly trying to figure this out.

Starting address and amount ->hops to node still same transaction nothing is hidden-> next node same transaction two nodes now hiding start point -> next node separation from start point but still same corn so where is obfuscation?

I don't understand this and need someone to explain it like I'm 10. To me even though the node hops and the start point maybe hidden the BTC is still able to be traced back to the original address that started the transaction right? Wouldn't the only way to really hide that be to have it drop in a pool of some sort then piece together totals from the pool mixing with multiple other piles of corn? Like the way whirlpool worked? I just don't get how it works, clearly, unless the start and end aren't important because you're just breaking the node to node until you flip on/off chain then save?

Does that make sense? Sorry I've been pretty sick and I feel like that was a flight of ideas lol

>I don't understand this and need someone to explain it like I'm 10

I will explain it to you like you're an adult: it's similar to how onion messaging works. You send an encrypted message to party K, who finds inside an encrypted message for party L. He sends it to party M, who finds an encrypted message inside for party N. And so on. No party knows who the sender is except the sender themselves.

>Starting address and amount ->hops to node still same transaction nothing is hidden

Lots of stuff is hidden: the routing node does not know who the sender or recipient is, nor if the amount is the full amount, a partial amount, or a decoy (aka a payment probe).

> -> next node same transaction two nodes now hiding start point

It's not just that "two nodes" are hiding the starting point; the first routing node does not know if the previous person is the sender or just another routing node. So from his perspective there might be *any number* of nodes hiding the starting point. What hides the starting point is that you can't tell a starting point from another routing node.

> To me even though the node hops and the start point maybe hidden the BTC is still able to be traced back to the original address that started the transaction right?

No. Just like with onion messaging, routing nodes can ask one another if they routed the payment, and maybe some will collude and reply "yes, I helped route the payment." But even if all routing nodes collude, they can only ask the sender "Did you help route the payment?" and if he does not reply, they don't know if he was the sender or just a routing node who refuses to collude.
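The layered wrapping described in the reply above, as an added example that is not part of the original thread and is not code from any Lightning implementation. It is a simplified sketch: pre-shared symmetric keys and a toy SHA-256 keystream stand in for the ECDH-derived secrets and ciphers of the real BOLT 4 onion, and the hop names are borrowed from earlier in the discussion.

```python
import hashlib, hmac, json, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter keystream (stand-in for a real stream cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a hop holding the wrong key gets an error."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer is not addressed to this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(route, keys, payload: str) -> bytes:
    """Sender wraps the payload once per hop, innermost layer first."""
    packet = seal(keys[route[-1]], json.dumps({"next": None, "inner": payload}).encode())
    for hop, nxt in zip(reversed(route[:-1]), reversed(route[1:])):
        layer = {"next": nxt, "inner": packet.hex()}
        packet = seal(keys[hop], json.dumps(layer).encode())
    return packet

def peel(hop, keys, packet: bytes):
    """What one hop learns: the next hop's name and an opaque inner blob."""
    layer = json.loads(unseal(keys[hop], packet))
    nxt, inner = layer["next"], layer["inner"]
    return nxt, (bytes.fromhex(inner) if nxt else inner)

def relay(first_hop, keys, packet: bytes):
    """Forward hop by hop; return each hop's view and the delivered payload."""
    seen, hop = {}, first_hop
    while hop is not None:
        seen[hop], packet = peel(hop, keys, packet)
        hop = seen[hop]
    return seen, packet

if __name__ == "__main__":
    route = ["Bob", "Carol", "Dave"]          # constructed sample route
    keys = {name: os.urandom(32) for name in route}
    seen, payload = relay(route[0], keys, build_onion(route, keys, "settle invoice"))
    print(seen, payload)
```

Unlike this sketch, BOLT 4 onion packets are fixed-size, so the packet length does not tell a hop how far along the route it sits.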

The video is great, every Monero user should watch it. And you are right, does not show that they can trace it.

And BTW, bolt12 has been already implemented.

not by the most widely used LN implementation it hasn't

I have literally just used bolt12 in one of the most used lightning wallets.

To be fair it is more flakey than bolt11 right now because it's still not used by every node, but yeah didn't even feel the need to rebut that, you're absolutely correct

oh come on

it isn't even *implemented* by LND yet

It works with lnd when you run it with https://github.com/lndk-org/lndk

oh cool!

did not know about that

my point about stress testing still stands however

been hearing "bolt12 fixes this" for years already

How private was it?

bolt12 is optional in some wallets and is barely used

But that doesn't even matter because due to its complexity most Lightning users are on custodial wallets so have no privacy from the custodian, hackers that will inevitably breach that data, and governments that compel those custodians to save that info and give it to them

He did link, but your nostr client might have cut off the very last link

Even using a malicious node doesn't reveal receivers or amounts. And if you use Tor or a VPN they don't know your IP address. This leaves them with undeterministic guessing of the sender which has been an admitted weakness of ring signatures and known thing for many years in the Monero community (it's why Monero is upgrading to FCMP later this year)

Why all this theorycrafting with best case scenario about Lightning privacy?

Most users don't use Lightning that way and bolt12 is optional and barely used. They're all on WoS, Strike, Chivo, Primal, etc

Monero provides much stronger privacy by default for the average user

Did you read any of the articles or think about what you read? What compelled you?

The dummy used binance.

😃 exactly