Yes, but as a whole package Monero is apex of privacy coins. Long list of problems with Zcash, Dero, ARR, etc. that directly or indirectly call them into question. Like trusted setups, dev tax, optional privacy, the list goes on.
Just ask the DNMs what they are using more and more. True skin in the game and market test.
Obscure forms of cryptography? Monero is built on established cryptography from the 80s. L2s have their own unique trade offs. Ecash? Custodial. Liquid? Permissioned. Lightning? Complex UX to operate completely sovereign and semi-private. And many others.
If you are scared the media/technocrats/politicians/majority can kill it by calling it mean names it has completely failed at being unstoppable money. If you need statists to win you miss the main point of Bitcoin. PERMISSIONLESS.
Monero is a shitcoin:
“Or you can choose to hide amounts like (shielded) Zcash or Monero do; you improve privacy and fungibility, but at the cost of offloading supply soundness guarantees to the correctness of proof and signature constructions.”
Supply soundness is sacrificed for privacy on monero. Just practice privacy on bitcoin and keep the supply soundness. Pretty easy choice.
Source: https://www.getmonero.org/2020/01/17/auditability.html
...then don't save with it. Just use it.
Coinjoin obfuscation is weak privacy VS encrypted amounts and recievers in Monero
There is no transaction graph available connecting a range of senders and recievers like with coinjoins. There is no amount analysis possible either.
You can't have your cake and eat it too. Sorry bud.
I noticed I'm unable to rebut every point submitted by the Monero bros. In my view, they have stronger arguments than Ethereum proponents (let alone Bitcoin Cash or God forbid BSV users).
But how private is Monero really? Has any bitcoiner thoroughly examined the merit of Monero maxis' claims? I'd like to see such an analysis if one is available. nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
I noticed I'm unable to rebut every point submitted by the Monero bros. In my view, they have stronger arguments than Ethereum proponents (let alone Bitcoin Cash or God forbid BSV users).
But how private is Monero really? Has any bitcoiner thoroughly examined the merit of Monero maxis' claims? I'd like to see such an analysis if one is available. nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
Privacy is indisputably much stronger on Monero than Bitcoin.
Bitcoin relies on obfuscation, a weaker form of privacy, where the range of possible connections and amounts are availabe to see. Why does this matter? Because someone can use future data to deobfuscate your coinjoin. There is a whole industry dedicated to this: Chain analysis. https://blockworks.co/news/silk-road-hacker-sentenced
Monero hides amounts and recievers via encryption. So, there is no transaction graph connecting senders to recievers. And amount analysis is not possible either.
Ring signatures is the only part that is obfuscation, but it is only for senders. And previous senders are used as decoys for new transactions = compounding anonymity set over time.
Simple example of a Monero transaction:
~6% chance Alice sent $[?] to [?]
With the upcoming Seraphis upgrade ring signatures will jump from 15 decoys to 128 decoys (maybe 256). And eventually ring signatures will be replaced with full membership proofs to do away completely with sender obfuscation.
Are you in it for the freedom tech or NGU?
Sometimes these are at odds
Monero vs Bitcoin is a clear blindspot for you guys
If your priority is to hide your identity: Monero anonymity > Bitcoin psuedo-anonymity.
If your priority is to hide your actions: Monero encrypted hidden amounts/recievers > Bitcoin coinjoin obfuscation (all range of amounts and connections are completely public to deobfuscate with future data)
If your priority is large anon sets (previous spends used as decoys that compound over time via ring sigs) and simple convenience:
default privacy > optional privacy
Put this all together and it is clear and indisputable that for private transactions:
Monero > Bitcoin
#MMonero #XMR
It is much stronger that that. The built in "coinjoin-like-function" of Ring Signatures (15 decoys) are only 1 of 4 layers of Monero privacy tech. It is one of the weakest parts and only for senders. Dandelion++ also obfuscates IP origination.
The parts that make Monero really shine are:
Confidential Transactions completely hides amount
Stealth Addresses completely hides reciever
Simple example of a Monero transaction:
~6% chance Alice sent $[?] to [?]
Unlike simple coinjoins, the transaction graph connecting senders to recievers doesn't exist. Amounts are not available to analyze either. All you could know from just looking at a blockchain transaction is a 64-character string maybe signed a Monero transaction.
How much? To who? That is unknown.
Bitcoin is a public blockchain. Monero is not. So naturally Monero has stronger privacy and all by default. Trade off: not as strong/simple/transparent auditability as bitcoin, but it can still prove all inputs and outputs equal out to 0 thru complex math via pedersen commitments and rangproofs.
Bitcoin relies on coinjoins for privacy. But nothing is hidden. All possible connections and amounts are available to parse with future data and deobfuscate a coinjoin. There is a whole industry dedicated to it. Chain analysis. Example: https://blockworks.co/news/silk-road-hacker-sentenced
Monero transaction graph between senders and reicievers doesn't exist. And analysis of amounts doesn't exist. Example:
Monero transaction: ~6% chance Alice sent $[?] to [?]
Ring Signatures: obfuscates senders
Confidential Transactions: completely hide amounts
Stealth Addresses: completely hide recievers
Dandelion++: obfuscates IP address a transaction orginated from
Monero relies on pedersen commitments and range proofs for auditability. Its built on the foundation of sound cryptography from the 80s. True, you cannot just look at the blockchain like Monero and do "simple math" to add everything up.
But then again, what bitcoiner does that? They just run a node and pay no mind just as Monero. No bitcoiner is making sure every new block (all inpus) = (all outputs). So in practice that is a weak point.
RBF has it's own trade offs. Where 0 conf payments use to be pretty safe for small amounts on btc, it makes them way riskier and lowers convienience/useability in that respect.
Monero doesn't only have obfuscation...you are very misinformed sir. Sender is the only part that is obfuscated thru ring sigs. Monero uses ZKPs/encryption for amounts and recievers. There is no connection graph linking senders and recievers. There is no amount analysis either. Simple examples:
Monero: ~6% chance Alice sent $[?] to [?]
Bitcoin Coinjoin:
[Alice, Bob, and/or Carol] sent [$X, $Y, and/or $Z] to [Dave, Eve, and/or Frank]
Encryption > Obfuscation
Monero privacy is much stronger than merely coinjoining where the range of possible amounts and connections is completely available. There is always potential to combine with future data to deobfuscate a coinjoin tx. And it has happened many times.
https://www.wired.com/story/silk-road-bitcoin-seizure-james-zhong/
I think I linked the wrong article. Here is the correct one: https://blockworks.co/news/silk-road-hacker-sentenced
Monero relies on pedersen commitments and range proofs for auditability. Its built on the foundation of sound cryptography from the 80s. True, you cannot just look at the blockchain like Monero and do "simple math" to add everything up.
But then again, what bitcoiner does that? They just run a node and pay no mind just as Monero. No bitcoiner is making sure every new block (all inpus) = (all outputs). So in practice that is a weak point.
RBF has it's own trade offs. Where 0 conf payments use to be pretty safe for small amounts on btc, it makes them way riskier and lowers convienience/useability in that respect.
Monero doesn't only have obfuscation...you are very misinformed sir. Sender is the only part that is obfuscated thru ring sigs. Monero uses ZKPs/encryption for amounts and recievers. There is no connection graph linking senders and recievers. There is no amount analysis either. Simple examples:
Monero: ~6% chance Alice sent $[?] to [?]
Bitcoin Coinjoin:
[Alice, Bob, and/or Carol] sent [$X, $Y, and/or $Z] to [Dave, Eve, and/or Frank]
Encryption > Obfuscation
Monero privacy is much stronger than merely coinjoining where the range of possible amounts and connections is completely available. There is always potential to combine with future data to deobfuscate a coinjoin tx. And it has happened many times.
https://www.wired.com/story/silk-road-bitcoin-seizure-james-zhong/
If strong privacy by default, fungibility, and cheap txs are shitcoining, so be it!
