The state's concept of money is private and it has just enjoyed help in getting data about electronic ledgers for the last 55 years, by deputizing banks. And for the last 18 it has also enjoyed public ledgers of crypto currencies.
But the successful stigma of financial privacy doesn't invent its right to having data. This is just a privilege, and private money is a reversion to the mean.
The rumors that people bought Trump-coin for the sole purpose of currying favor got to me.
So it's fine to feel disillusioned from that goal because it was a misplaced goal.
Monero on the other hand is private by default, and you can disclose transactions. It has optional auditability. This is a power dynamic I can appreciate.
easy to steal, liquid to sell, can't be confiscated.
Yeah their expropriations in Monero are occurring too, but I can’t levy a separate higher standard when this other thing is happening
How would government knowing exactly who spends what where help in that scenario?
No one wants to switch to some unknown tech with an unknown development team.
I remember a scare some years back around a Monero developer that turned out to be a nothingburger, but it goes to show how important it is that the core development team is trustworthy, or at least sticks to their beliefs and doesn't capitulate to third parties (whether public or private in nature).
Monero is the one coin I can confidently say I trust the core developers on, it's had a strong history of making the right decisions where it counts in my opinion (breaking ASICs w/the monero-classic situation, making the official client default to downloading the entire chain, etc)
Adopted and used first by darkweb pot dealers, like Bitcoin was.
Price suppressed by government and banking hostility, like Bitcoin was.
https://gist.github.com/kayabaNerve/b754e9ed9fa4cc2c607f38a8...
After seeing this and their weak attempts at making a CPU-based PoW, I don't have any confidence in dero or its developers.
this phrase highlights some really common but unnecessary misunderstandings
1) the proceeds swapped to Monero. there is nothing "presumably" about that because we can see they were swapped to Monero. It isn't a correlation, the instant exchanges show and retain records that they were swapped to Monero.
2) they are unlinking the origin and destination of illicitly obtained funds, so that is laundering BUT
3) it's equally as likely that Monero is the destination. there is no further swapping out to hide. no further laundering to complete. Monero can be used to purchase goods, services, and invest with as well. I think this is as misunderstood as people actually wanting to hold bitcoin was 10 years ago.
4) Monero is an old coin, from one of the first crypto cycles, one thing that's held people back from using it and other mixers is the liquidity. If a large hack of funds used any one of them, then most of the funds coming out would be probabilistically part of the hack and illicit. But if MANY of the hacks used it and other licit sources, this would improve the liquidity for everyone and other hacks. Liquidity begets liquidity. It was only a matter of time before someone started it.
That's after getting a degree and spending over a decade in financial journalism.
You will read this but still insist you are smart.
People like you are the reason people are falling for "AI slop".
tl;dr every method from the private sector and the state has resulted in nothing, or an upgrade to the Monero network
for anyone interested in using Monero, consider using Feather Wallet. This wallet implements some better best practices than the community's wallet.
Feather Wallet does initial syncing over clearnet for speed, and then connects to TOR and then only connects to other nodes hosted over Onion network. So you aren't even needing to connect to exit nodes.
It also hides the root address which starts with 4, and only shows you subaddresses that start with 8. I always felt it was important that nobody ever could distinguish between a root address and a subaddress.
It ensures you don't re-use addresses, which is an ancient and still relevant best practice that most cryptocurrencies and wallets have avoided for user experience. Feather Wallet makes it easy though.
Timing attacks are still relevant. For anyone aiming to use Monero as merely a conduit, wait 1 week or 2 before moving funds out, and move them out in different denominations than you put in. (In comparison, if you put $50,000 of XMR in, and a couple of hours later moved $50,000 of XMR out in one transaction, this could realistically deanonymize you.)
The more people using Monero for benign but equally as private purposes, the more it improves the utility of Monero for everyone.
A simple and surprising limitation of Monero and any other decoy-based approach is that if you repeatedly withdraw money from one exchange and then deposit it to another, those transactions are not private (edit: even if we ignore payment value). This is a form of Eve-Alice-Eve attack.
Monero uses decoy transactions to obscure the transaction history on-chain, but it does not remove the history. There's a reason every other major privacy protocol (Zcash, Tornado Cash, Railgun, Aleo, Penumbra, etc.) does not use Monero's decoy-based approach, and even the Monero developers are moving to the standard zero-knowledge proof over an accumulator (IIRC a merkle tree like everyone else) based approach that they call Full Chain Anonymity Proofs.
As a meta-comment, this is one of a genre of Monero "privacy" analysis documents that are circulated as a way to claim there are no known actively used exploits. This is little better than the classic "my scheme is secure; here's a bounty for anyone who breaks it" form of cryptographic analysis we often see with flawed encryption schemes. Breaks will not always be public.
> repeatedly withdraw money from one exchange and then deposit it to another
right, don't do that. Withdraw to your wallet. Wait several days. Transfer elsewhere in different denominations.
Problem solved for everything you wrote, and it's been nearly the same for the entire lifespan of Monero, 11 years now.
> Breaks will not always be public.
There are court cases that give the confidence necessary. It is also something to stay abreast of. Always just ask yourself who the transaction is intended to be hidden from.
Unfortunately, it doesn't work like that. The EAE attacks only require that the end destination is colluding with the start destination.
Like everything with decoys, privacy is stochastic. So I wouldn't go around making absolute claims about the privacy as many proponents of monero like to do. The developers advise against making these sorts of claims. Monero makes privacy a lot easier, but it's not perfect.
>There are court cases that give the confidence necessary. It is also something to stay abreast of. Always just ask yourself who the transaction is intended to be hidden from.
In the free world, we have the concept of innocent-until-proven-guilty and evidence-beyond-a-reasonable-doubt. Decoy-based approaches give you plausible deniability, but this often isn't enough for more domains where a lower standard of proof is needed.
Fortunately, all this and more will be fixed in FCMP++ upgrade.
Right now it seems Eve just needs to do a dust attack and addresses she’s seen before
And wallets like Featherwallet just need to segregate dust from the pool of outputs, and that kind of attack is totally thwarted
Fortunately Eve doesn't know if an address is part of the same wallet and Featherwallet hides the ability to reuse addresses, although users are lazy and may rely on old addresses being accepted destinations for anyone sending them funds. It would be great if wallets notified of dust, or asked you to recognize transactions in.
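The dust segregation described in the comments above, as an added example in Python (not Feather Wallet's or Monero's code; the output records, subaddress labels and the 0.001 XMR dust threshold are constructed for illustration): the wallet keeps unsolicited tiny outputs in a separate pool and never co-spends them with ordinary outputs, so a tagging output can't be tied to the rest of the balance by a later spend.

```python
from dataclasses import dataclass

PICONERO = 10**12                  # atomic units per XMR
DUST_THRESHOLD = PICONERO // 1000  # 0.001 XMR: constructed policy value, not a protocol constant


@dataclass(frozen=True)
class Output:
    txid: str         # constructed id of the transaction that created the output
    amount: int       # value in piconero
    subaddress: str   # receiving subaddress (constructed label)
    expected: bool    # True once the user has recognised the incoming payment


def is_dust(o: Output) -> bool:
    """An unsolicited output below the threshold is treated as possible tagging dust."""
    return o.amount < DUST_THRESHOLD and not o.expected


def partition(outputs):
    """Split owned outputs into the spendable pool and the quarantined dust pool."""
    clean = [o for o in outputs if not is_dust(o)]
    dust = [o for o in outputs if is_dust(o)]
    return clean, dust


def spendable_balance(outputs) -> int:
    """Balance the wallet will actually draw on: dust is excluded."""
    clean, _ = partition(outputs)
    return sum(o.amount for o in clean)


def select_inputs(outputs, target: int):
    """Largest-first input selection over the clean pool only.

    Dust outputs are never mixed into a spend alongside other outputs,
    so they cannot link the rest of the wallet to whoever sent them.
    """
    clean, _ = partition(outputs)
    chosen, total = [], 0
    for o in sorted(clean, key=lambda o: o.amount, reverse=True):
        if total >= target:
            break
        chosen.append(o)
        total += o.amount
    if total < target:
        raise ValueError("insufficient spendable (non-dust) balance")
    return chosen


def pending_review(outputs):
    """Incoming outputs the wallet should ask the user to recognise before they become spendable."""
    return [o for o in outputs if not o.expected]


# Constructed sample wallet state.
SAMPLE = [
    Output("tx-a", 2 * PICONERO, "8sub1", True),     # 2 XMR, recognised
    Output("tx-b", 500 * 10**9, "8sub2", True),      # 0.5 XMR, recognised
    Output("tx-c", 10**8, "8sub1", False),           # 0.0001 XMR, unsolicited: dust
    Output("tx-d", 10**8, "8sub3", True),            # tiny but recognised: not dust
]

if __name__ == "__main__":
    chosen = select_inputs(SAMPLE, 2300 * 10**9)     # pay 2.3 XMR
    print("inputs:", [o.txid for o in chosen])
    print("quarantined:", [o.txid for o in partition(SAMPLE)[1]])
```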
As a non-user of Monero, how do I find out what the security properties are and what information is leaked when various actions are taken? The OP's analysis is deeply lacking in this and the apparent rule against repeated transactions is non-obvious
there would be the monero subreddit where you could ask these questions
LLMs would be trained on them by now
Books like Mastering Monero exist, and will become obsolete if the proposed upgrades go through
Annual DNM OPSEC GUIDE will likely cover it (darknet market operational security guide)
many times police will make up a "plausible way" how they uncovered something, but this "plausible way" was constructed after the "secret" or illegal way was employed to do it.
rephrase: police will do illegal thing to obtain info where you stash your drugs. for example installing NSO Pegasus to your phone, gps tracker under car... so they already have that info. then they call anonymously 911 saying there is smell of gas on street. (maybe they even spray some mercaptan to make it even more plausible) firefighters, etc will come investigate gas leak and police will say that they uncovered drug stash in investigation of gas leak... illegal way to obtain info, then brainstorming how to make that data available "lawfully". they will not tell in front of judge/court about first part... so no your assumption is not correct.
in computer world it is a million times easier.
99% of youtube videos about criminals failing at operational security is intentionally bad information.
IF you are believed to be criminal / "bad person" police(men) will justify doing almost anything, because you are bad person IN THEIR EYES.
also they are trained to and expected to disinform :
For example, Ross Ulbricht. every newspaper said that "closing his laptop lid will lock his computer and police will be unable to decrypt it" they pushed it and said it so many times that researchers jumped on LUKS and in 1.5 years there was almost complete rewrite of LUKS.... (not even talking about constant TOR effort)
Whole not closing his notebook also proves that they obtain data legally. It does not say they did not have that data already.
One info can mean multiple things to multitude of people.
My confidence in Monero comes from following what the administrative state has said in court cases
Often times they don’t know the balance, location, and are unable to seize it. As designed
Amusingly, assume the CIA has figured out a clever trick for opening up Acme Secure Envelopes in transit. If they publish a report detailing at length how amazing and tamper proof Acme products are, the world would take note and sales would plummet overnight. If, however, you publish the same report on a blog about how to mail documents securely...
For instance, recently a core Monero dev published something called OSPEAD which is a proposed fix to the "Map Decoder Attack" which he also publicly disclosed at the same time: https://github.com/Rucknium/OSPEAD
The TLDR is that Monero has about 75% less privacy than anybody thought, and this attack is still "live" in production. It requires a mandatory upgrade by every node on the network to fix and as far as I know, no fix has been decided upon yet. The attack can be combined with other attacks to completely de-anonymize transactions. I recently wrote about the bug and my proposed mitigation that users can do to regain privacy here: https://duke.hush.is/memos/6/ . AMA, if you desire.
This attack (and mitigation) is not getting the attention it deserves, partially because it is technical and hard to explain and partially because it does not serve the interests of content marketers and Monero influencers.
Monero is indeed moving to ZK proofs because they are mathematically superior in every way. At a very high level, they are moving towards being more like Zcash but they are not using Zcash ZK machinery, they are rolling their own. They are called "Full Chain Membership Proofs" or FCMPs. You can read the paper about those here: https://github.com/kayabaNerve/fcmp-plus-plus-paper/blob/dev...
As another example, recently an anonymous researcher published http://maldomapyy5d5wn7l36mkragw3nk2fgab6tycbjlpsruch7kdninh... (you will need Tor Browser to access that) which explains how the Monero network is being spied on by malicious nodes, with the end result being that transaction id's can be linked to IP addresses.
There are various other examples of de-anonymization attacks on Monero but OSPEAD and network spying (which can be combined) are some of the worst, because they are very inexpensive and effective.
After this is implemented, it will really strengthen its privacy. It will take a few years of development, iteration and planning. Move slow and... don't break things?
The USA in specific has had a similar problem before with encryption being classified as a munition, making it very problematic to import or export encryption. That's actually pretty well documented in various pieces of Java code from Sun if you're curious, because different algorithms could not be part of the JRE/JDK that was distributed publicly.
Your mention of "highly centralized billion dollar compute operations" is actually related to the training of the models not the inference. Doing inference for many of these models is readily available at modest consumer hardware availability. There are many different ways to break up models (MoE) etc. The notion that you need a large super computer to do inference is unfounded.
Also, as a reminder, cryptocurrency mining has already proven this to be a thing. Some stay above ground, some go to geopolitical areas for shelter and some stay underground entirely.
For your entertainment I will also include a more simplified play-by-play of how this can play out in the near future:
1. OpenAI or some other USA based AI company continues to get outplayed by foreign models (Qwen, Deepseek)
2. Company cries to government
3. Government does a similar munitions or tariff to what we saw with encryption. Requires at the least anyone wanting to use AI gets one from the good boy list etc.
Now you either (a) use only AI from the good boy list and get outplayed in the global marketplace where our main export is global technology or (b) start acting like a Chinese citizen and using a VPN to access AI services not available only on the approved good boy list.
I will stop here because the rest is already very well documented with how this progresses and you get the same result as the darknet marketplaces (DNM). DNS censorship for AI services not on the good boy list. DNS censorship and legal pressure for VPNs that allow non-good-boy-list services, etc.
Why wouldn't someone change a few .com endpoints to .onion and keep it moving while you send some coin to a wallet?
The philosophy behind Tor is maximum privacy, the most private way to do AI is locally.
> Doing inference for many of these models is readily available at modest consumer hardware availability.
Then why exactly do I need a darknet service for that, instead of running it locally?
> Now you either (a) use only AI from the good boy list and get outplayed in the global marketplace where our main export is global technology or (b) start acting like a Chinese citizen and using a VPN to access AI services not available only on the approved good boy list.
Yeah, businesses are totally gonna buy tons of crypto to pay for outlawed services from China to stay competitive. Instead of running models locally as you suggested above. And of course the government will just fold in face of this crypto enabled libertarian hell.. I mean utopia. Can't beat math, amirite? There will be no more taxes, everyone will be free, armed and get as much fentanyl as they want, and we will just build a Dyson sphere around the sun to power this awesome new financial behemoth. It will be so worth it.
Better invest now!
All of that is irrelevant to the context at hand. How good, trade-worthy, or the value of a cryptocurrency is not directly tied to the amount of computation work done to mine the coin. All different combinations exist.
> Then why exactly do I need a darknet service for that, instead of running it locally?
For the same reason most people are completely capable of running a modest PostgreSQL server with Nginx or a few docker containers on their hardware, yet they pay for the service of other people doing it. The same is true for backup, storage, and a plethora of other services they gladly fork over a few dollars for.
It being over the darknet is not a technical requirement, it's an economic / market requirement.
> Yeah, businesses are totally gonna buy tons of crypto to pay for outlawed services from China to stay competitive
They already gladly look the other way and do shady things to procure data.
> Instead of running models locally as you suggested above.
Weird, when they tried to do that the DNS resolution for the domain name failed. Guess they'll fire up their VPN to start grabbing the model, etc. Maybe just buy AICoin and move on?
> And of course the government will just fold in face of this crypto enabled libertarian hell.
For about 15 years you have been able to go into a .onion and grab whatever you want on a DNM. Many have been taken down. You can currently go on a .onion domain and grab whatever you want.
> I mean utopia. Can't beat math, amirite?
They seem able to catch a DNM every once in a while, but there are always a dozen or so viable and active alternatives.
> There will be no more taxes, everyone will be free, armed and get as much fentanyl as they want
I'm fairly certain the United States is getting as much fentanyl as it wants already. You can walk to some place in any city and get it in pill form quickly and cheaply. How much involvement the DNMs have in that right now I don't know. In the past some DNMs have policed that and some provided "quality testing" to verify the lack of presence of fentanyl in other substances.
I am interested in any references to tracking Monero in criminal court cases. So far it seems to be one of the most effective ways to "keep getting away with it".
Though Zcash proponents will say the tax is a good thing. The tax is so good, that instead of getting rid of the tax after half of the coins were mined like the developers originally promised, the devs kept the dev tax for all of the mined coins.
Once you create a wallet and write down the seed phrase, generate a "view key". Creating a new wallet from this "view key" allows you to see incoming transactions to your addresses, but not spend them. So you don't need as much security for "view-only" wallets.
You can generate an address from either wallet. It's a long string of numbers and letters that begins with an "8", under "Receive".
TarikHassan3•1d ago
That said, I do think it's got the brightest future of any coin besides BTC for the very reason.
stuxnet79•1d ago
Brightest future in terms of what? Traction? Market cap? This is what I thought 7 years ago, and I beefed up my XMR position as a result. Meanwhile, Bitcoin, an objectively inferior technology, has 25x since then.
candiddevmike•1d ago
Are there scaling issues with Monero, similar/worse than BTC?
dboreham•1d ago
Technology quality is uncorrelated with market cap. This would be like saying Frontier Airlines should have a higher market cap than United because one uses Linux and the other is still on mainframes.
tromp•1d ago
* node resources scale with the size of the UTXO set (unspent outputs), which in Monero's case balloons to the entire TXO set (all outputs, orders of magnitude larger)
* a typical 2-input 2-output transaction is 4 times larger
* wallets have to track all outputs to choose random decoys for transaction inputs
One can argue that this is the price to pay for significantly better privacy, but the largest benefits come from having no visible amounts or addresses, which can be achieved with significantly better scalability than BTC [1].
[1] https://forum.grin.mw/t/scalability-vs-privacy-chart/8114
beeflet•1d ago
Everything considered, I don't think that the risk of a monero inflation bug is greater than a bitcoin inflation bug when you consider the complexity associated with scripting.
tromp•1d ago
[1] https://phyro.github.io/grinvestigation/why_grin.html
akimbostrawman•19h ago
https://www.moneroinflation.com/inflation
beeflet•1d ago
MWEB is certainly an improvement over transparent transactions (and other methods such as coinjoin, coinswap, cashfusion, etc.), and I welcome the litecoin upgrade. I agree that decoy-based privacy is weak.
However, I don't believe that the mimblewimble meets the standard of privacy needed for most users. It's not the visible amounts and addresses, but the links between transactions that are the main problem. CTs on their own are just a "nice-to-have".
The end goal should be a zcash or firo style of privacy. I think you can scale that to a global network with an adjustable block size, payment channels, and atomic swaps between multiple cryptocurrencies. The problem is that zcash and firo have weak tokenomics compared to monero. Grin will have a hard time finding an initial niche that isn't currently satisfied by monero, and if it does take off, its changes could be merged into bitcoin (https://www.truthcoin.info/blog/imex/).
im3w1l•1d ago
A constant rate of printing means the supply is uncapped but the inflation rate will approach zero.
Monero's choice is arguably better for actual use as a currency, as the printing will prevent deflation from lost coins. But it makes it less attractive as an investment.
wkat4242•17h ago
For me that's a feature not a bug. The investor cryptobros have thoroughly killed the interest in BTC as a real payment method and made it just a vaporware pyramid scheme. They have accumulated a lot of influence.
Also they corrupted the whole idea behind bitcoin which was independence from the old centralised banking system where others control your money. To guarantee their investments they've rebuilt the whole old system in bitcoin with the exchanges and some regulators even demanding you use them to store your BTC.
tsimionescu•1d ago
The only way to get BTC-like guarantees of no double-spending for Lightning network transactions is to put every transaction on the BTC block chain ("close the channel" after every transaction). And then, of course, you get back all of the problems of BTC (minuscule TPS not enough for a small village, 0 privacy, huge energy costs).
swores•1d ago
(And sorry for going against the guidelines and talking about downvotes, but I'm really just asking for someone to either confirm what they said is right or explain why it isn't, I'm not caring about the votes themselves.)
8note•1d ago
if the chain swaps a month from now and drops my bbq purchase, the bbq shop isn't getting their bbq back, even though I get my BTC back on the new chain. the ethereum fork for ethereum classic also doubled everyone's wallets, which I'd consider to be a double spend
The double spend protection is quite limited, so what's the big loss from lightning?
tsimionescu•21h ago
So, assuming the BBQ supplier waited about an hour for confirmation, the chance that the money would be lost is minuscule with BTC transactions. With Lightning transactions, the same is not true at all - the customer could close their channel abruptly two months later when the BBQ joint is on vacation, and the money would suddenly vanish forever (assuming they don't catch the fraud in the time window before it becomes permanent).
Of course, in both cases, if you're the person who sent the money and the BBQ never arrived, you're out of luck entirely. Which is why the claim that BTC or Lightning enable trustless monetary transactions is mostly bogus, even with a no-double-spend guarantee. And waiting one hour for a payment to a BBQ joint to clear is basically unworkable (and the reality is more like two hours - one hour for the transaction to make it to be mined, and the other hour to confirm the block where it was included remains permanent).
lawn•1d ago
While there are scaling issues with BTC it's severely worsened by the fact that BTC had refused to scale on-chain.
Monero is technically much harder to scale but since it doesn't have the same self-imposed restriction it can handle more transactions than Bitcoin can.
protocolture•1d ago
Consider that a lot of Bitcoin is assumed to be locked up.
If an old satoshi wallet started moving funds, the price would probably halve.