Build your own lightning wallet in 20 minutes: https://www.youtube.com/watch?v=M_tVo_9OUIs
> If all hops are connected to the same LSP, I don't think this adds any privacy
If you yourself run rack proxy software, it would add privacy for you and for anyone who routes through you, for two reasons: (1) even if everyone *was* using the same LSP, the LSP has no way of knowing that (2) the LSP can no longer safely assume the payments you receive are actually yours -- you could just be routing them to some other destination, since the rack server software makes you a routing node, and the LSP does not know what other channels you might have, through which you route these payments to others
> All hops will route through the same LSP
There's no reason to expect different proxies to use the same LSP. The list of LSPs I recommended has 10 different LSPs plus another LSP aggregator -- liquiditystr -- which currently has 4 additional LSPs besides the ones on my list. Moreover, using an LSP is only a recommendation -- you can also just start opening up channels to popular destinations or other routing nodes, as long as you get yourself some inbound capacity somehow (e.g. by paying someone).
🎉 Join me at Des Coin Bitcoin Meetup!
📅 July 5, 2025 at 2:00 PM - 4:00 PMCDT
📍 Steak 'n Shake, 815, South 51st Street, Carriage Homes, West Des Moines, Polk County, Iowa, 50266, United States
At our second bitcoin meetup, we'll pay for our meals with bitcoin, discuss bitcoin, and -- I hope -- do the following three things:
(1) Start a list of btc-friendly merchants in the Des Moines area who either accept bitcoin as a means of payment or sell bitcoin-related goods and services
(2) Showcase the merchants on our list so as to encourage members of the meetup to support those merchants by shopping at their stores
(3) Discuss ways to increase traffic to those merchants via a bitcoin rewards system and by increasing the number of people at the meetup who hear about those merchants
We'll meet at the Steak n Shake here:
Steak n Shake
815 South 51st Street
West Des Moines, IA 50265
I think that is currently how fountain app does it
There are two possible advantages to doing it atomically, depending on how you do it: you can do it by atomically forwarding the funds to different destinations without telling the sender where the funds end up, which is better for receiver privacy, but allows the "middleman" server to steal by giving the sender an invoice that pays himself, without forwarding the money to the real would-be recipients.
Another way you can do it is, do the same thing except you *do* tell the sender where the funds end up, and include a signature from each recipient confirming that they will only reveal the payment preimage if they get their cut. By doing that, you give up on some of the receiver privacy, because now the sender knows the number of recipients, or at least a number of people who "claim" to be recipients (they could inflate this number), though he still doesn't know what amounts they get.
Whichever way you do it, you additionally break a heuristic that some routing nodes use to guess how much money was received in an LN payment; the heuristic they use is to guess that the ultimate recipient basically receives the full amount sent, minus some routing fees; but if you do an atomic payment split, how much the ultimate recipient gets depends on how the split is done, so the assumption no longer holds.
I agree that if the admin had done the exact same action with lightning the timing analysis would have worked against lightning too
You may not want to call that tracing but I think it is the accurate term
let's start with every current user, it's possible for them to do it
and if they do then perhaps the number of future monero users will be 0
Thank you for doing this
I don't want to create that impression
To say X is a monero problem is not to say it is *only* a monero problem
The website describes itself as a list of leaks monero has, not a list of leaks that *only* monero has
I do claim that, except I disagree with the part that says implications are "not part of the evidence"
A blockchain problem is a monero problem
Maybe so, but some information is safer to reveal than others
Option A: the receiver gives the sender a one-time payment string, the sender pays it, and the the receiver irrecoverably discards every trace that he ever had the payment string
Option B: the receiver gives the sender a reusable payment string, the sender pays it, and they both keep the string forever
The latter is worse for privacy because the shared piece of data ties the sender and the recipient together, it stands as an everlasting proof that they interacted. At least one of them should discard it because if it is found on them both, it is evidence that they once interacted. But there is only one way for each to be sure that at least one of them destroyed it: destroy it yourself.
This is not encouraged in monero; on the contrary, the standard contact list feature encourages the sender to keep the receiver's monero address and reuse it, and the standard recommendation for the receiver is never to delete his private keys, because someone might send him money at an old address, not knowing he deleted the keys.
> The sender knowing where they need to send coins is par for the course
Then change course
There's no reason to stick with the poor privacy options of the past, not now that we can do better
It used to be that you could not run a server without disclosing your ip address to your users
Then tor came out and you could run a server as a tor hidden service
It used to be that you could not run a DNM without disclosing your crypto address to your users
Then lightning came out and you can run a DNM as a lightning hidden service
Let's keep pushing and make things ever more private
> It's knowing what I do with it after that that matters
It matters that someone knows your cryptocurrency address. What if they testify in court against you that you gave them that address, and the prosecution demonstrates that it's private key was found on one of your devices? Suddenly it matters. The sender should never learn anything that sensitive.
> ...and them knowing how much they sent there
This seems like.highly relevant additional context
Knowing where the coins go sounds very important to the concept of tracking
> MimbleWimble doesn't have addresses
Cool. I don't know much about mimblewimble yet, but that part sounds neat.
Every time you have to give someone data, it's a privacy leak
> There's no way he genuinely believes that giving someone an address to send to qualifies as tracing
I don't believe that
But I do believe monero would be more private if you did not have to give anyone an address
> automatic custodial exchange are a thing, no user initiated withdrawal may have been necessary
It would have been necessary whenever the amount he deposited into the second exchange differed significantly from the amount he deposited into the swap service. I grant that the first time he did it, it's plausible that he did not withdraw the money; the amount he swapped was identical to the amount he deposited at the second exchange, so perhaps he just entered the second exchange's address as the recipient for his swap.
But if that is what he did, he clearly wisened up, because in the other three cases, he made the amounts vary a bit: once he sent a bit extra to the second exchange, the other times he sent a bit less. Indicating that he withdrew the money to a separate wallet first. So in all cases except possibly the first one, a user initiated withdrawal *was* necessary.
> whether there was an intermediate wallet or not, they nowhere claim to have visibility into any "withdrawal."
They mention the exact XMR amounts he received via the swap. That is insight into the withdrawal that they should not have had.
> it is not mentioned at all
Here it is:
Question: how did they know exactly how much he received via the swap? It wasn't the same amount he deposited into the second exchange. So they must have gotten that info from somewhere else. I think the first exchange *told* them how much money he received via the swap. Which means they got data they shouldn't have.
> nobody contests there was timing analysis done, but seeing Bitcoin go in and Monero come out isn't "tracing monero."
Seeing bitcoin go in is clearly tracing bitcoin. Seeing monero come out is clearly tracing monero.
> there is no "monero tracing" when their only monero data point is seeing coins arrive on the CEX
That's not the only data point. They saw the amount and time of two different monero transactions: the withdrawal from exchange A and the deposit to exchange B. That's not one data point, it's two.
> and if you dont like the word "apprehend", we'll use your word "find".
nowhere do they claim they "found" him by "tracing monero" (as they dont claim to trace monero at all).
They found him to be the launderer by means of this trace. The term used is the correct one. But if I change "they found the admin of Incognito Market by tracing his monero" to "they traced the monero of the admin of Incognito Market in order to identify him as a money launderer" will that be an improvement in your eyes?