Nostr Web Client

Replying to

Hanshan

you are the meme

but forgot to say "be sure you open your channel with a conjoined utxo"

also minus several thousand points for the "more private" overgeneralization.

Super Testnet 11mo ago 💬 3

"send XMR to address"

that's what these folks did, and they got arrested:

The finnish guy: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack

The 18 japanese people: https://cointelegraph.com/news/monero-transactions-japanese-authorities-arrest-18-scammers

"Just sending xmr to an address" is also bad advice when the most popular monero wallets (cake wallet and monerujo) are known to have been unwittingly giving a list of nearly all their users' xmr transactions plus your ip address to Chainalysis: https://www.digilol.net/blog/chainanalysis-malicious-xmr.html

It is very easy to leak your personal info, especially your ip address, so do not "just send XMR to address" -- even the Monero website warns against this stupid "just use xmr" meme:

https://www.getmonero.org/get-started/faq/#anchor-magic

Reply to this note

Please Login to reply.

Discussion

Hanshan 11mo ago 💬 2

bullshit.

you are smart enough to know that there is NO deterministic way to identify the true spend in a ring.

and it's not particularly useful even if you do.

even your own "tracing tool" doesn't do much (if anything) except for a couple of heuristics.

the Japanese and Finnish stories are law enforcement FUDing good privacy tools, plain and simple.

as if they broke long established cryptographic primitives themselves and the ENTIRE FUCKING crypto community didn't hear about it.

do better.

Hanshan 11mo ago 💬 2

BTW

there 90 minutes of STNs pedantic quibbling about why he thinks LN is better than monero on nostr:nprofile1qqsqxf440czzuzyjswddcumcg6yafpdll55958wvl6w94kk6g7dp6nqpr3mhxue69uhkummnw3ezuur0wf6x2mt0dejhymewvdhk6tcpzemhxue69uhkummnw3ezu7rdwgh8ymmrddej7qghwaehxw309aux6u3ww4ek2mn0wd68ytn0wfnj77a2vxg s pod

if anyone can listen to him splitting hairs to rationalize his ideas for that long.

https://podcast.paranoiamachinery.com/media/podcasts/paranoia_machinery/1728157833_e6e66a68e113497d93e1.mp3

Super Testnet 11mo ago

I encourage readers to listen to the podcast and draw their own conclusions

also this one with me and Luke Parker (monero dev): https://x.com/super_testnet/status/1824431745443279044

Hanshan 11mo ago

exactly why I posted it.

Super Testnet 11mo ago 💬 3

they don't need to break "long established cryptographic primitives" because monero doesn't encrypt the sender or the recipient

and the entire crypto community *did* hear about these busts, hence the highly visible articles in very popular crypto news outlets

Hanshan 11mo ago 💬 2

just stop.

the "recipient" is a one time address which doesn't correlate to anything.

it's more bullshit pedantry to say "its not encrypted"

all a 3rd party knows is it a *possible send somewhere.

but has no idea if it appearing on the chain is a possible decoy or not.

and yeah i wrote a breakdown of the original Nikkei newspaper article when it broke.

I know you know this stories break every year or two and they have NEVER been because LE has made any technical progress in "tracing" monero.

Super Testnet 11mo ago 💬 3

they told us most of how they traced the Finnish guy's monero. After arresting him, they sent an information request to a swap service which knew precisely what address they sent the monero to (because monero does not encrypt the recipient address), and then they sent another information request to binance, who knew that address showed up as a "ring member" in a transaction to their exchange. So they knew it was him. Didn't require breaking any cryptography. Just following the trail through monero's public ledger.

Super Testnet 11mo ago

Of course, if the guy had used lightning instead of monero, the Finnish technique wouldn't have worked. The swap service wouldn't know what address received the money (because lightning hides the recipient's address from the sender) and binance would not know what address sent it to their exchange (because lightning hides the sender's address from the recipient)

Hanshan 11mo ago 💬 3

People *actually understanding* the trade-offs they make is important.

You are actively working against that understanding by spreading bullshit.

Lightning *probably* does provide *some* privacy guarantees.

mostly unquantifiable.

because it depends on a lot.

mostly outside the end users control.

Monero already does provide provable reliable privacy. for all users of the network.

You,

trying to twist every little thing you can

to fit your desired narrative,

works against the security of end users 💀

Super Testnet 11mo ago 💬 1

> Monero already does provide provable reliable privacy. for all users of the network.

Except the ones who keep getting arrested

Hanshan 11mo ago

cope harder bro

MoneRogue 11mo ago 💬 2

Could you give examples?

Hanshan 11mo ago 💬 2

his examples

nostr:nevent1qqs0zu0tysktyyqgtdyuwlv04xp2ucj2uc95yf0fgpdjqd004gt0utspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygpps055wkzgr583ynaaj0zkej4ytel9gh8whr2jsj8esfflf9aew5psgqqqqqqsgfwkzz

MoneRogue 11mo ago 💬 1

The only point bro has it about your IP address. Definitely would recommend using Tor or I2P for your Monero wallets or better yet just make some paper wallets.

These people getting busted is not XMR's fault. It's the fault of the users for practicing proper opsec skills!

Hanshan 11mo ago 💬 1

and he knows it.

it just suits him to walk right up to the edge of outright lying.

and meme when you call him out 🙄

Devin 11mo ago 💬 2

As someone who isn't in the know on all of the technical aspects I have a question. Are you saying that there are, in fact, steps beyond "send monero to monero wallet" (as suggested in your meme and paraphrased) that are required to actually maintain privacy?

Devin 11mo ago

Or is it just a matter of using a VPN or TOR to hide your IP?

Hanshan 11mo ago

it's a matter of using Tor or a VPN.

also best if you connect to your own node,

or a trusted one at least,

if you send through a malicious node it can identify the real spend (although nothing before that).

Saberhagen The Nameless 11mo ago

TLDR

it CAN see IP address, last block synced, and potentially manipulate your decoys (reducing your sender privacy)

it CAN'T see amounts, receiver addresses, balances, and transaction history

If you don't run your own node there are practical things you can do to reduce/eliminate what little malicious nodes can see be using TOR/VPN + changing the remote nodes you use for every transaction or at least periodically switching them. But of course the best privacy is always to use your own node.

"potentially manipulate your decoys" part will soon be remedied and be one less thing it can see when Monero upgrades to FCMP

Good resource on what a malicious Monero node can and cant see:

https://localmonero.co/knowledge/remote-nodes-privacy

Super Testnet 11mo ago

Finnish busts: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack

Japanese busts: https://cointelegraph.com/news/monero-transactions-japanese-authorities-arrest-18-scammers

Chainalysis explains how they trace monero: https://cointelegraph.com/news/chainalysis-leak-monero-traceability

Ciphertrace claims to be able to trace monero but does not provide an example: https://news.bitcoin.com/ciphertrace-enhanced-monero-tracing-capabilities-governments/

Hanshan 11mo ago

you would link the actual video of CAs "monero tracing" techniques

if you were interested in actual facts.

but the video is basically a commercial for #monero

so you won't.

https://v.nostr.build/D4Nzp22vRF35IRnz.mp4

Papa Figos 11mo ago

Ok, I've been replying to you in good faith here, but now I see you actually have NO IDEA what you are talking about.

Go to a monero block explorer and find me ONE monero address (starts with 4 or 8) there. Go on, I'll wait.

An address shows up on a ring signature? lol! Again, go to the same block explorer, look up a random tx, and see if ring members look like addresses to you.

You clearly have no idea about what you're talking about buddy.

Hanshan 11mo ago

the sad thing is he *does know.

he just thinks he's smarter than everyone else and it's ok to lie.

Saberhagen The Nameless 11mo ago

"Monero doesn’t encrypt any of those things. It perfectly hides the amount, it perfectly hides the recipient (more akin to hashing than encryption), and it obscures the sender - but in future it will perfectly hide the sender too.

Anything encrypted can be decrypted, and Monero simply doesn’t encrypt anything because its users value privacy and can’t take that risk."

https://xcancel.com/fluffypony/status/1824433941459157115

Hanshan 11mo ago

wow these make me miss being on twitter

Saberhagen The Nameless 11mo ago

"Amount and receiver are ZK. Sender is ZK within their ring. That ring is a subset of all outputs."

https://x.com/kayabaNerve/status/1832145837847409036

Hanshan 11mo ago 💬 2

The most disingenuous fudster on nostr?

Or just the most pedantic?

certainly a gifted spin doctor and would do good work for a sleazy politician somewhere

nostr:nevent1qqs0zu0tysktyyqgtdyuwlv04xp2ucj2uc95yf0fgpdjqd004gt0utspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygpps055wkzgr583ynaaj0zkej4ytel9gh8whr2jsj8esfflf9aew5psgqqqqqqsgfwkzz

Hanshan 11mo ago

Also for the reader

This guy has no way of knowing how many IP addresses chain analysis was able to get (if any) as a result of the Moneroworld reverse proxy malicious nodes.

To sum up:

CA is running malicious nodes.

They had succeeded in compromising and redirecting DNS records of a trusted but poorly maintained service to point to them. The above wallets listed those some of thiser nodes as options in their default node list.

Users sending a tx through those malicious nodes had the true input (a stealth address) to their transaction identified. And if they weren't connecting through a proxy their IP address.

Obviously less information then what would be leaked if you were connecting to a malicious Bitcoin node.

heres the video where CA breaks down the data. its good to be aware of the dangers and see their capabilities.

which are frankly minimal.

just use a proxy and connect to a trusted node.

https://v.nostr.build/D4Nzp22vRF35IRnz.mp4

Papa Figos 11mo ago

You do realize the remote node never learns who you are sending to, or where from (other than IP address, but again, that's not a Monero issue, it's a TCP/IP issue), right?

What it does learn is that you own a certain utxo, if you immediately retry a tx on the same node after the node maliciously rejects it (there will be one ring member that doesn't change between txs, that's the real one).

Elephant in the root 11mo ago 💬 3

LOL Monero idiots saying people don't need Tor with Monero 😂

ede3d957... 11mo ago

No one is saying that. It's simply bad opsec. Nothing Monero can fix.

Elephant in the root 11mo ago

The author of the meme does.

Saberhagen The Nameless 11mo ago

Who is saying that?

It is true though that if you run your own Monero node you have better default network protection because of Dandelion

Elephant in the root 11mo ago 💬 1

Whoever made that meme.

Saberhagen The Nameless 11mo ago 💬 3

What meme?

Super Testnet 11mo ago 💬 3

the one Kanzan posted in this thread: nostr:nevent1qgs0npwnpyvheqz7zuvuwvv9k460c0hyqlturds40hhfn34vufvehwcqyzmedf9x4a7ga33dtjk88s0n0nw9yspkfgdna2xsv23wchfr7jddjx63xau

it puts "use tor" as an example of the gymnastics you have to do to gain financial privacy if you don't use monero

of course, if you're not using tor on monero, it's a lot easier for sybils to collect your ip address and link them to your transactions

Dandelion helps prevent this too, but it's much better with tor

Hanshan 11mo ago 💬 2

hey you said something about monero without needlessly distorting the facts or omitting essential information !

proud of you 🥲

Super Testnet 11mo ago

Hanshan 11mo ago

it was a good first try

Super Testnet 11mo ago

I will say, I'm not surprised the XMR people put "use tor" as a non-monero thing

Monero isn't made to integrate with Tor according to its github

https://yakihonne.com/notes/nevent1qgszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagqypgmc7zgefsgx0uc9ujuhnpwf4tjxgx2zy8unf2hk69z2x7d3nls2y8ef6j

ede3d957... 11mo ago 💬 3

Monero is meant to be used with Tor and i2p.

Super Testnet 11mo ago 💬 1

I'm sure that's why its github explicitly says, "Monero isn't made to integrate with Tor" source: https://github.com/monero-project/monero

ede3d957... 11mo ago 💬 1

Read my other note. Also there have been many discussions about Kovri, a Monero i2p implementation. It has been abandoned for different reasons.

There are follow up projects that seek deeper integration.

Super Testnet 11mo ago

> Read my other note

Can you link to it? I don't know which note to look for

ede3d957... 11mo ago

Also I doubt that the Github page you are citing is reflecting the current state of understanding.

It's a good thing you bring it up so we can discuss and create more clarity.

Saberhagen The Nameless 11mo ago

Most wallets have Tor and Tor nodes available in the wallet like Cake, Feather, Monerujo, Stack

ede3d957... 11mo ago

Fully agree.

Monero should go all-in on anonymity networks or at least make it the default. That will result in less opsec failures.

So far people are still happy with being able to run Monero nodes over anonymous VPN/VPS and there are a couple of points made that scarcity of ipv4 addresses protects the network from sybill attacks via ipv6 , onion or i2p addresses. It's something I read from core devs. Not sure if some of those attacks can be mitigated by now.

Saberhagen The Nameless 11mo ago

LOL yea that meme is not 100% facts, because of course you need to use Tor for either one, but there is a reason why its used so often because it is directionally true. Monero still provides better default privacy without so many hoops to jump through.